Editorial Pointers


SYSTEM SECURITY, AS COVERED IN THESE PAGES many times, is the ultimate team effort. It takes more than specialized equipment and protective strategies to maintain a system’s operations. It takes users to adopt these measures and apply them whenever necessary. On Team Security, the user is the weakest player.

Ryan West, a design researcher at Dell, Inc., has 
spent years examining the principles of human behavior 
that govern how users think about security in daily situations. His research 
sheds light on why users so often undermine security “by accident.” 
Designers of security systems must understand how users make decisions 
regarding security. Indeed, the most elegant design interface is useless if 
users fail to heed the warnings or follow the rules. West provides key con- 
cepts and spells out ways to improve users’ security behavior. 




ALSO IN THIS ISSUE, BODIN, GORDON, AND LOEB OFFER VALUABLE 
insight for anyone responsible for managing risk in information secu- 
rity. As they note, defining risk is hardly an easy task. To help in this 
regard, they introduce a new metric to evaluate investment proposals 
for enhanced information security. 

Data may provide a treasure trove of information, but often finding 
the true gems within depends on our trust in its veracity. Moreau et al. 
argue data must be accompanied by a provenance that reflects, among 
many things, where the data originated and where it’s been. In addi- 
tion, Whitten et al. examine the role of IT in health care, not only as it 
affects the way health care professionals work, but also the way patients 
receive and perceive their care. 

Despite the popularity of the Learning Management System (LMS) 
as a faculty support tool, it continues to struggle for acceptance. Yueh 
and Hsu share their experience at National Taiwan University, illustrat- 
ing how a university can increase faculty usage through better LMS 
design. And Liao and Chung ask what service-quality attributes must 
Internet banks offer to induce consumers to switch to online transac- 
tions and keep using them? They insist the potential exists for Internet 
banking to be much more important than it already is, but will require 
that financial institutions improve their service quality. 

We have witnessed a wave of studies of online auction fraud over the 
past year, most disputing the reigning myth that less than 0.01% of 
complaints to eBay allege auction fraud. Gregg and Scott suggest the 
problem of online auction fraud may be far worse than numbers indi- 
cate. And Oshri, Kotlarsky, and Willcocks contend F2F meetings may 
be invaluable for project teams dispersed globally, but managers must 
prioritize activities before and after these meetings to help team mem- 
bers stay connected. 

Finally, on page 27, ACM is pleased to announce the 2007 
Distinguished and Senior Members.


What Is It About Being a Girl That Avoids IT?


I applaud the goals of the research 
reported in “Women and Men in 
the IT Profession” (Feb. 2008) by 
Vicki R. McKinney et al. Unfor- 
tunately, the conclusions fell 
somewhat short of their goals; 
that is, it seems that women and 
men already in IT share similar 
socialization, experience, and atti- 
tude. Missing from the study was 
a non-IT control group. It is not 
surprising that there are few dif- 
ferences between women and 
men in IT. What about differ- 
ences between women and men 
not in IT? Or between girls and 
boys who have not yet made a 
career choice? Discovering these 
differences would shed more light 
on the question of why more 
women don’t enter the profession
in the first place. 

STEVE MCCONNELL 

Bellevue, WA 


Authors’ Response: 

McConnell raises excellent ques- 
tions about career choices and 
what influences the decision to 
enter IT (input). The National 
Science Foundation funded us to 
study women who are already IT 
professionals (throughput) and 
other researchers to study input 
issues in the IT work force. Our
focus on throughput delivered surprising
insight into current IT professionals.

VICKI R. MCKINNEY,
DARRYL D. WILSON,
NITA BROOKS,
ANNE O’LEARY-KELLY,
BILL HARDGRAVE


PERIPHERALS AS IMPORTANT
AS PROCESSORS
Gordon Bell’s article “Bell’s Law 
for the Birth and Death of Com- 
puter Classes” (Jan. 2008) focused 
on processor technology, saying 
“The evolutionary characteristics of 
disks, networks, displays, user- 
interface technologies, and pro- 
gramming environments will not 
be discussed here.” But, in fact, 
peripheral devices are just as impor- 
tant as processors in computing. 
The earliest “hobby” personal 
computers used paper tape, but it 
was the floppy disk that made PCs 
practical for business use. Pro- 
grams like Runoff and FancyFont 
allowed limited forms of publish- 
ing on chain and dot-matrix 
printers, but it was the laser 
printer that made WYSIWYG 
word processing generally useful 
and put PCs in offices the world 
over. Multimedia needs fast CPUs
but wouldn't be practical without
relatively inexpensive multigigabyte
hard drives. A simple cell
phone might get by without a dis- 
play, but it’s the LCD display that 
makes smart phones possible. 
Tom Moran 
Saratoga, CA 


CELEBRATE WEISS’S 

CONTRIBUTIONS, TOO 

My congratulations to all involved 
in producing the outstanding 50th 
anniversary issue (Jan. 2008). 
However, my own article, “The 
Battle of the Covers,” fell short in 
at least one significant regard—not 
mentioning the key role Eric Weiss 
played in taking the helm as the 
first chair of the Publications 
Board (I was the second). He 
established the framework in many 
ways for all who followed, taking 
on the task with his usual patience, 
dedication, good judgment, and 
equally good humor. His support 
of Communications during those 
early years was crucial. 

M. STUART LYNN, EDITOR-IN-CHIEF

JANUARY 1969—MARCH 1973 


Please address all Forum correspondence to the 
Editor, Communications of the ACM, 2 Penn 
Plaza, Suite 701, New York, NY 10121-0701; 
email: crawfordd@acm.org.


News Track


TEXT-MATCHING COPYCATS 

A new computerized look at the biomedical research lit- 
erature has turned up tens of thousands of articles in 
which entire passages appear to have been lifted from 
other papers. In fact, researchers estimate there may be 
as many as 200,000 duplicates among some 17 million 
papers in the leading life sciences and biomedical 
research database Medline (medline.cos.com). Scientific 
American reports researchers from the University of 
Texas Southwestern Medical Center in Dallas used a 
text-matching algorithm to compare seven million 
Medline abstracts against matching entries flagged by 
the database’s software as being closely related. The 
researchers set their own software tool, called eTBLAST, 
to identify pairs that were more than 45% identical. 
The search turned up more than 70,000 hits, which the 
researchers and three assistants then checked manually. 
In 79 cases (and counting), duplicates with different 
authors had no obvious legitimate explanation. The 
group set up a public Web site, Deja vu
(http://discovery.swmed.edu/dejavu/), to document the
findings. The researchers estimate that about 50,000 of
the eTBLAST hits will turn out to be either plagiarized
or multiple listings. The next step, they say, is for
journals to investigate.


BIONIC EYES
Engineers at the University of Washington have for the first time used manufacturing techniques at microscopic scales to combine a flexible, biologically safe contact lens with an imprinted electronic circuit and lights. There are many possible uses for virtual displays, reports UWeek.org. Drivers or pilots could see a vehicle’s speed projected onto a windshield. Videogame companies could use the contact lenses to completely immerse players in a virtual world without restricting their range of motion. And for communications, people could surf the Net on a midair virtual display that only they would be able to see. While the prototype contact lens does not correct the wearer’s vision, the technique could also be used on corrective lenses. Ideally, installing or removing the bionic eyes would be as easy as popping in a contact lens.


SWIPE-AND-RIDE 


San Francisco’s transit system is the first in the 
U.S. to test a systemwide cell phone payment pro- 
gram that allows riders to pass through the turn- 
stiles with a wave of a phone. The $200,000 pilot 
project, which ends its testing phase this month, 
uses a wireless chip that lets people pay by passing 
their phone over a wireless reader. The Bay Area 
Rapid Transit (BART) has been using the contact- 
free technology in its EZ Rider pilot program, 
allowing riders to pay at the turnstiles by waving 
a plastic card with a wireless chip. The latest test 
puts a similar chip inside a phone, eliminating the 
need for additional cards. BART is also working 
with fast-food franchise Jack in the Box to allow 
trial participants to pay for food with their cell 
phones. Users load up to $48 on the chip from a 
credit or debit card account via BART’s Web site 
(www.bart.gov). This “near-field communication” 
technology, in wide use throughout Asia, will 
likely continue to proliferate in the U.S., based on 
preliminary results of the BART test.


CHINA’S NETIZENS ON RISE

The Chinese government has announced its Internet 
population soared to 210 million people, putting it 
on track to surpass the U.S. online community this 
year as the world’s largest. According to government 
officials, China is only five million behind the U.S. 
online, a figure consistent with some U.S. estimates. 
But China still lags the U.S. in several respects. China’s
online penetration rate is placed at 16%, the
point Americans hit in the mid-1990s. About 75% of 
U.S. adults are now online; penetration is higher 
when teens are included. Internet penetration in 
China holds a different meaning, however, where 
cyber cafes serve as the main entry to the Web for 
many people. Still, say officials from both sides, Chi- 
na’s online growth is significant. 


TECHNOLOGY INFLUENCERS 
Intel recently organized a panel of experts, including 
academics, journalists, and independent third par- 
ties, to vote for the 45 most influential figures in 
technology over the last 150 years. The top 10 vote 
grabbers are: 


1. Tim Berners-Lee (World Wide 
Web founder) 

2. Sergey Brin (Google co- 
founder) 

3. Larry Page (Google co-founder) 

4. Guglielmo Marconi (Inventor 
of the radiotelegraph system) 

5. Jack Kilby (Inventor of the 
integrated circuit and calculator) 

6. Gordon Moore (Intel co-founder) 

7. Alan Turing (Pioneer in deciphering German 
code in WWII) 

8. Robert Noyce (Intel co-founder) 

9. William Shockley (Co-inventor of the transis- 
tor) 

10. Don Estridge (Led development of the IBM 
computer) 




For the full list of technology influencers, which
includes Bill Gates (#31), Steve Jobs (#14), and Vint
Cerf (#13), see
http://blogs.telegraph.co.uk/technology/technotes/jan08/mostinfluentialtechies.htm.


BETWEEN ADS AND FRIENDS

The MySpace generation wants less space devoted to 
online advertising. In fact, the ads on social net- 
works like MySpace and FaceBook have become so 
widespread—and annoying—that users are begin- 
ning to opt out. BusinessWeek reports the average 
amount of time users spend on social networking 
sites fell 14% in four months, with MySpace slip- 
ping from a peak of 72 million users last October to 
68.9 million last December. Besides slowing user 
growth and declining time spent on these sites, users 
appear to be less responsive to ads. If advertisers can’t 
figure out how to reverse these trends, social net- 
working could end up as a niche market in the cyber 
ad world, slashing valuations across Silicon Valley. 


SMART BADGES

In other news (and forms) of social networking tech- 
nology, smart conference badges might be able to 
help people venture out, form new connections, and 
gain insight into how they 
interact with others at such 
events. Technology Review 
reports MIT researchers
tracked the social interac- 
tions of a select group of 
attendees at a conference 
using a smart badge incor- 
porating an infrared sensor, 
wireless radio, accelerometer, and microphone to log 
the bearer’s behavior. The data from the sensors was 
wirelessly transmitted to a computer that produced 
a real-time visualization of the event’s social graph. 
The project illustrates the increasing popularity of 
sociometrics, a discipline in which sensors collect 
fine-grain data during social interactions and soft- 
ware makes sense of it. Similar tags from Intel are 
being used to help monitor the health and behavior 
of the elderly. Rick Borovoy, co-founder and CTO 
of MIT’s spin-off company nTag, contends this
form of “reality mining” creates a sense of commu- 
nity and identity. “It’s a way to subtly intervene and 
disrupt conventional networking patterns.”


Faith-Based Security


A tongue-in-cheek look at serious security issues.


IT security has received increased attention primarily, but not exclusively, due to the increased threat from viruses, worms, password crackers, Trojan horses, and a cornucopia of other types of malware and exploits. As a consequence of this increased attention, a variety of security models have been proposed. Security in depth (SID) is one such example. Winn Schwartau’s time-based security is another. In this column, I offer another modest example extrapolated from popular culture: faith-based security, aka “no network left behind.”


SECURITY MODELS

By their very nature, security models are usually out of date. Security modeling is akin to driving forward while looking through the rearview mirror since security systems are primarily reactive. The problem is illustrated by zero-day exploits where the first appearance of an exploit coincides with the first appearance of a vulnerability. One of the grand challenges in future digital security is to figure out how to model the unknown in anticipation of post-modern exploits, such as zero-day attacks and so-called “super worms.”

Security models also tend to be obtuse. Though “security in depth” is a common phrase in IT circles, few could define it precisely. The phrase has been used to describe everything from cascaded network defenses and layered intrusion prevention/detection systems to differentiated password-control policies. About the only common theme I can detect is that security-in-depth seems to be used interchangeably with “more is better.”


THE SECURITY IN DEPTH FALLACY

There is an interesting fallacy in informal logic called the principle of vacuous alternatives. It goes something like this: Take any sentence. If the negation of that sentence seems preposterous, then the original sentence is likely vacuous. As an example, consider “I believe in justice.” The negation, “I don’t believe in justice,” seems like an absurd remark. It’s not that it’s nonsensical. Rather, it has no conversational contribution to make as it’s difficult to imagine how any reasonable person could disagree with it. Vacuous propositions behave like semantic tautologies. Such is the case with security in depth. Have you ever heard an IT professional champion the cause of “superficial security,” “shallow security,” or “myopic security?” Not likely. This is the primary reason why security in depth is so poorly understood. Its vagueness quickly gives way to vacuousness on inspection.


SECURITY THROUGH OBSCURITY

I admit that a prima facie case 
could be made for security in 
depth even in the naive sense of 
“more is better.” When I propose 
adding a new vitamin to my diet, 
my internist tells me “At this point 
there is no physiological evidence 
that suggests that this substance is 
harmful to humans, so knock 
yourself out.” As with my vita- 
mins, a random application of 
security applications and systems is 
unlikely to do any more harm 
than lure one into a false sense of 
security and perhaps slow things 
down a bit. And like the vitamins, 
when carefully and judiciously 
applied and evaluated in a con- 
trolled experimental setting, even 
naive security in depth can be of 
some value. 

Such is not the case with our third model: security through obscurity (STO). No prima facie case may be made here. The general premise of STO is that inviolability is a consequence of the enigmatic. This is the same sort of reasoning that helped the Imperial Japanese Navy and German Wehrmacht become the global powers they are today. The Japanese Purple and JN-25 codes and the German Enigma cipher system were assumed to be inviolate precisely because of their hidden complexity. As far back as the 1880s, Auguste Kerckhoffs proposed that no cryptographic system that purports to be secure should be predicated on the assumption that no one would ever figure out how it worked—rather the emphasis should be robustness of the procedure and key strength. Both Axis powers failed to comprehend the weakness of STO. This also speaks in favor of the robustness of open source software.

[Figure 1 shows a decoded 802.11 frame: frame control, duration, dest addr, bssid, src addr, frag number, seq number, WEP init. vector (0x58CDB1), WEP key ID, encrypted data, and WEP ICV.]

Figure 1. The WEP initialization vector is communicated in cleartext (for example, 0x58CDB1).

Despite our intuitions, many software systems have adopted STO to their cost. To illustrate: Windows buffer overflows, such as the IDQ.DLL overflow in the Code Red Worm, were entirely predictable to anyone who knew how the Windows ISAPI extensions worked. This was a design defect that produced a buffer overflow and ran the malware with elevated privileges since IDQ.DLL runs within Inetinfo.exe as local administrator. It was assumed no one would notice the inadequate bounds and error checking built into the operating system. We’ll place this in STO category I: failure to write secure code. Conceptually similar vulnerabilities, like format string attacks (printf) in Unix and SQL compromises in Windows (IIS/RDS), would also fall into our first category.

Another example is the entire 
suite of 802.11 security vulnerabili- 
ties. In this case, the defect was 
actually built into the standards. 
Nowhere is this more evident than 
with the wired equivalent privacy 
(WEP) protocol. 

WEP has many “issues” that go beyond our current interest. However, one stands out as a paradigm case of a mistake carried through to perfection: the sloppy implementation of the RC4 symmetric stream cipher. The faulty WEP algorithm was a part of the original IEEE 802.11 protocol specification.

Figure 2. The 802.11 frame body always begins with a SNAP header (for example, AA).
[Figure 2 shows a decoded 802.2 LLC header: Source SAP: SNAP; Destination SAP: SNAP; control: unnumbered info; protocol: IP.]

Generally, WEP works like this. The RC4 algorithm uses the pseudorandom generation algorithm (PRGA) to produce a key-stream of bits that are XORed with the plaintext to create the ciphertext. Key-change is accomplished by adding an Initialization Vector (IV) that makes each packet key unique. The IV is concatenated with the WEP key to form the WEP seed.

The properties of the IV are interesting:

1. The IV is only 24 bits long;

2. The IV is always prepended to the WEP key;

3. The IV is always transmitted in cleartext (see Figure 1);

4. Some IVs are “weak” in the sense that they suggest information about the key—the first bytes of a typical WEP packet are typically the SNAP header 0xAA (see Figure 2);

5. The IEEE standards were so ambiguous that many vendors used sequential IV generators that begin with 00:00:00 and wrap with FF:FF:FF; and

6. The key-generation algorithm itself is hobbled because the most significant bit of each key is always 0; thus it only produces unique keys for seeds 00:00:00:00 through 00:7F:7F:7F.
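The following sketch is an added example, not code from the column: it builds the WEP seed as IV || key, encrypts with RC4, and shows what properties 1 through 5 cost in practice, namely that two cards with power-on sequential IV counters reuse a keystream, and that the known SNAP byte exposes the first keystream byte. The key and payloads are constructed, and the key-ID byte and ICV are omitted as a simplifying assumption.

```python
import math
from collections import defaultdict

# LLC/SNAP header that opens an IP frame body (cf. Figure 2): first byte is 0xAA.
SNAP_IP = bytes.fromhex("aaaa030000000800")
IV_SPACE = 1 << 24  # property 1: the IV is only 24 bits long


def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes from the PRGA."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_frame(iv: bytes, key: bytes, payload: bytes) -> bytes:
    """Cleartext IV followed by (SNAP || payload) XOR RC4(IV || key).

    Simplified on purpose: the key-ID byte and the encrypted ICV are left out.
    """
    if len(iv) != 3:
        raise ValueError("WEP IV is 3 bytes")
    body = SNAP_IP + payload
    return iv + xor_bytes(body, rc4_keystream(iv + key, len(body)))


class SequentialIV:
    """Property 5: counter that starts at 00:00:00 and wraps after FF:FF:FF."""

    def __init__(self) -> None:
        self.counter = 0

    def next(self) -> bytes:
        iv = self.counter.to_bytes(3, "big")
        self.counter = (self.counter + 1) % IV_SPACE
        return iv


def find_iv_reuse(frames):
    """Audit check: map each IV seen more than once to the ciphertexts under it."""
    by_iv = defaultdict(list)
    for frame in frames:
        by_iv[frame[:3]].append(frame[3:])
    return {iv: cts for iv, cts in by_iv.items() if len(cts) > 1}


def first_keystream_byte(frame: bytes) -> int:
    """Property 4: the known 0xAA SNAP byte exposes keystream byte 0 for this IV."""
    return frame[3] ^ SNAP_IP[0]


def frames_until_collision(p: float = 0.5) -> float:
    """Birthday estimate of frames sent before two randomly chosen IVs coincide."""
    return math.sqrt(2 * IV_SPACE * math.log(1 / (1 - p)))


def demo():
    key = bytes.fromhex("0102030405")  # constructed 40-bit key
    card_a, card_b = SequentialIV(), SequentialIV()  # two cards, both just powered on
    f1 = wep_frame(card_a.next(), key, b"constructed payload one")
    f2 = wep_frame(card_b.next(), key, b"constructed payload two")
    f3 = wep_frame(card_a.next(), key, b"constructed payload 3..")
    reused = find_iv_reuse([f1, f2, f3])
    # Same IV and key give the same keystream, so it cancels: this is p1 XOR p2.
    leak = xor_bytes(f1[3:], f2[3:])
    return reused, leak, first_keystream_byte(f1)


if __name__ == "__main__":
    reused, leak, ks0 = demo()
    print("reused IVs:", [iv.hex(":") for iv in reused])
    print("c1 XOR c2 :", leak.hex())
    print("keystream byte 0: 0x%02x" % ks0)
    print("frames for 50%% IV collision: %d" % frames_until_collision())
```

Even with randomly chosen IVs, the 24-bit space means a repeat becomes likelier than not after a few thousand frames, which is why a larger, never-repeating per-packet nonce is the design fix rather than a better-hidden algorithm.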


The community of FMS (after
Fluhrer, Mantin, and Shamir)
attack analysts reacted immediately.
In short order a flurry of
successful WEP-cracking tools 
were developed (WEPAttack, 
WepCrack, Aircrack, WepLab, 
WEPWedgie) all made possible by 
the faulty implementation of 
RC4. A virtual cottage industry 
was made possible because the 
original WEP security standard 
followed the STO model. We will 
put the WEP vulnerability into 
our new STO Category II: 
botched implementations. 

One might think the frailty of 
WEP would have triggered a total 
rethinking of WiFi security. Such 
is not the case. While WEP’s suc- 
cessor, Wireless Protected Access 
(WPA), did strengthen the 
integrity-checking algorithm and 
key management, it basically just 
added another layer of obscurity 
over the sloppily designed WEP in 
the form of a shell over the RC4 
algorithm. Deployed by the Wi-Fi 
Alliance in 2002, WPA didn’t
really eliminate the key-management
problem inherent in WEP,
but rather proliferated the
number of keys involved. 
WPA uses a pairwise mas- 
ter key (PMK) to generate 
additional keys that are 
combined with sender 
MAC address, packet 
sequence number, the 
wireless Service Set ID, 
and SSID length as grist 
for the hashing mill 
(PKCS #5 v. 2.0). Let’s 
think about this. If an 
underlying procedure is 
faulty, does it become less faulty if 
we use it over and over and over 
again? WPA relied on STO, just 
like its predecessor. Predictably, 
within a year of release, a success- 
ful WPA attack was discovered. 
Shortly thereafter, the WPA-cracking
utility coWPAtty was released
that reverse engineers the PMK 
from the SSID, SSID length, and 
sequence number MAC address, 
and WiFi security was back at the 
starting block. 


Neither was the Extensible Authentication Protocol immune. Cisco’s version of EAP, LEAP, deserved the term lightweight. LEAP’s major fault was that it relied on the MS-CHAPv2 hashing algorithm for authentication. MS-CHAPv2 does not use “salt,” so the same plaintext value will always produce the same hashed value. This makes EAP-LEAP vulnerable to dictionary and replay attacks. Once again, the defense of EAP-LEAP ultimately relied on no one finding out how the system works. Auguste Kerckhoffs could have predicted this without ever seeing a computer.

URL PEARLS

When it comes to digital security systems, secrecy is indeed the mother of dysfunction. The security vulnerabilities described in this column were real and betray only the slightest hint of literary hyperbole. For those interested in the details, two of the security-through-obscurity examples were covered in previous columns: the Code Red Worm was discussed in December 2001; and Wireless Infidelity appeared in December 2004 and again in August 2005. The RFID MIFARE exploit was presented at the 24th Chaos Communication Congress last December (see events.ccc.de/congress/2007); a video of the presentation by Karsten Nohl and Henryk Plotz is available at video.google.com/videoplay?docid=425236768097439-6650&hl=en.


My final example came to my attention in the past few weeks. MIFARE is a proprietary encryption technique for RFID (radio frequency identification) developed by Philips and Siemens in the late 1990s. MIFARE is an attempt to cryptographically secure the now-ubiquitous RFID space that relies on RF transmission for communication between transmitter and receiver.

Following the common theme, the security of the proprietary MIFARE system is predicated on the belief that no one will discover how it works. And, as one might predict, some MIFARE circuits were reverse engineered down to the gate level. The result was the discovery that the random number generation that drove the encryption resulted from a 16-bit key linear feedback shift register based on a master key and a time signature. With RFID sniffing via an open PICC (proximity integrated contactless chip) card and a logic analyzer, it is possible to discern patterns in the challenge-response authentication procedure that can be used in a replay attack, and from there it is possible to recover the key from the value of the unique identifier and the observed behavior of the shift register in the authentication process. We’ll create STO category III for this MIFARE vulnerability: turning chip designers loose with CAD/CAM software without adequate education and training.
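The check below is an added illustration, not taken from the column or from the MIFARE design: it shows why a 16-bit shift register clocked from power-up is a poor source of challenges, by measuring its period and comparing how often challenges repeat against a CSPRNG. The tap positions (a textbook maximal-length polynomial), the power-on state 0xACE1, and the assumption that the register restarts from a fixed state at every power-up are hypothetical stand-ins.

```python
import secrets

LFSR_MAX_PERIOD = (1 << 16) - 1  # a 16-bit register has at most 65,535 non-zero states


def lfsr16_step(state: int) -> int:
    """One clock of a 16-bit Fibonacci LFSR with taps 16, 14, 13, 11.

    Textbook maximal-length polynomial, used here only as a stand-in.
    """
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << 15)


def lfsr_period(seed: int) -> int:
    """Number of clocks until the register returns to its starting state."""
    state, steps = lfsr16_step(seed), 1
    while state != seed:
        state, steps = lfsr16_step(state), steps + 1
    return steps


def lfsr_challenge(ticks_since_power_up: int, power_on_state: int = 0xACE1) -> int:
    """Challenge from a hypothetical tag whose register restarts from a fixed
    state each time the reader's field powers it up."""
    state = power_on_state
    for _ in range(ticks_since_power_up):
        state = lfsr16_step(state)
    return state


def csprng_challenge() -> int:
    """What a challenge should look like: unpredictable and practically unique."""
    return secrets.randbits(64)


def distinct_fraction(challenges) -> float:
    """1.0 means every challenge was fresh; values near 0 mean replays succeed."""
    challenges = list(challenges)
    return len(set(challenges)) / len(challenges)


def compare(sessions: int = 50, ticks: int = 1000):
    """Each session is one power-up with the reader asking at the same moment."""
    weak = [lfsr_challenge(ticks) for _ in range(sessions)]
    strong = [csprng_challenge() for _ in range(sessions)]
    return distinct_fraction(weak), distinct_fraction(strong)


if __name__ == "__main__":
    print("LFSR period:", lfsr_period(0xACE1))
    weak, strong = compare()
    print("fresh challenges, time-driven LFSR: %.2f" % weak)
    print("fresh challenges, CSPRNG          : %.2f" % strong)
```

A reviewer who had been shown the design could have run this kind of freshness test before tape-out, which is the column's point about impartial peer review.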


FAITH-BASED SECURITY 
Examples of failed STO could fill a 
weighty tome. I’ve mentioned 
three. These examples highlight the 
consequences of building deficien- 
cies into the design of things or at 
least unwittingly including them. 
The flaws would likely have been 
detected and reported had the 
code, system, or chipset been care- 
fully analyzed during impartial peer 
review by qualified professionals. 
But I don’t want to leave this 
critical view of deficiencies at the 
feet of naive SID or STO. I’m 
looking for first principles here. 
I’ll refer to the common elements
between them under the
general rubric of faith-based secu- 
rity—in the most secular sense of 
this popular phrase. The only 
thing these two security models 
have going for them is the unsup- 
portable and unjustified faith that 
they are reliable. These are mani- 
festations of the technologist suc- 
cumbing to the self-deception 
that secrecy and tight lips will 
cover all design misjudgments. 

I propose that faith-based secu- 
rity enter our vocabulary as the 
default model of IT security. Let’s 
get the faith-based orientation of 
naive security in depth and STO 
up front where it belongs. Think 
of the advantages. If an auditor 
asks why we decided to place our 
Web server on the inside of our 
enterprise firewall, we report that 
we have faith in our Internet 
comrades. Faith is a predicate of 
propositional attitude, like belief, 
want, and desire. If someone says 
they have faith in something, one 
can't say “No you don't,” at least 
not until someone comes up with 
a method to read thoughts. The 
auditor doesn’t have faith, we do 
have faith; half-empty, half-full. 
You get the idea. 

Since the integrity of a faith- 
based security implementation is 
by definition taken on faith, we 
hold the position that whatever 
policies and procedures discovered 
by an auditor were actually 
intended. So what if our corpo- 
rate mailer is running on an oper- 
ating system that hasn't been 
supported since perestroika—we 
have faith in good old “digital 
iron.” After all, when was the last 
time you read about some hacker 


compromising OS/2 or Multics?
So the primary remote access to 
our file server is TFTP; our spin 
is that any protocol that old is 
“time-tested.” So our password 
security policy requires LAST- 
NAME followed by YEAR; we 
emphasize that we have a rule for 
password expiration built right 
into our password security policy. 

No baselines to measure, no 
checklists to distract us, no con- 
cern over best practices, no spe- 
cific objectives to define. COBIT? 
Out the window. FISCAM? Who 
needs it? SOX, HIPAA, GLB? No 
thank you. 

So the next time someone chal- 
lenges your organization's security 
model, rather than beating 
around the bush, making excuses, 
blaming budgetary woes, faulting 
management’s lack of vision, or
chastising vendors, think outside 
the box. State up front that your 
security model is faith-based and 
take a swerve around all the 
minutiae. Treat these details like 
all of those log files you haven't 
reviewed since you upgraded to 
NT Service Pack 2. Build in back- 
ward “time basing” to the ulti- 
mate IT apocalypse—the 
implosion of the commercial 
Internet. After that, who will care 
about digital security anyway?


Getting to “We”


Solidarity, not software, generates collaboration.


Messes are large, complex, seemingly intractable situations that no one can find a way out of. The most tangled messes are called “wicked problems” because people can’t even agree on what the problem is and because the solution will almost surely entail a disruptive innovation [2, 9]. Collaboration is essential for resolving messes. Can our impressive array of “collaboration technologies” help those trying to solve messy problems?

This is not an easy question. The messiness of the problems is usually nontechnical in origin. Lewis Perelman cites infrastructure renewal as a messy problem involving the clash of “green” and “blue” agendas [8]. Green represents the sustainability movement, which aims at environmental protection and resource efficiency; its main concerns include energy-neutral designs for buildings and other infrastructure. Blue represents the security movement, which aims to protect against attacks and disasters; its main concerns include critical infrastructure. The various players do not agree on the relative importance of the two perspectives. Each perspective reaches different conclusions about infrastructure renewal and best use of resources.

Can our technologies help the players to develop a larger, more encompassing perspective, a sort of “blue-green space” rather than two opposing ends of a continuum? [3, 8] Such technologies might appear as major challenges. Blue and green advocates tend to avoid each other. When they do make contact, their interactions often do not go well, ending with legal battles, such as the one in California between the U.S. Navy (wanting to test new sonar systems) and National Resources Defense Council (wanting to protect marine wildlife). Often the groups form political movements that try to “win” by gathering votes and preventing losers from wresting compromises.

Recent experience at the grass roots is more optimistic. People are tired of failed public projects in parks, development, affordable housing, climate change, and infrastructure renewal. They are turning to facilitated processes that guide them to collaboration. Prominent examples include
Appreciative Inquiry [1], Straus
Method [10], and Charrettes [7]. 
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The sad news is that 
most of our “collabora- 
tion technologies” are 
not able to support 
such collaboration 
processes. The good 
news is that with a 
clear understanding of 
the essence of the col- 
laboration process, we 
can design technologies 


that can help. 


DEFINING COLLABORATION
Collaboration generally means working together synergistically [6].
If your work requires support and agreement of others before you can
take action, you are collaborating.

Coordination and cooperation are weaker forms of working together;
neither requires mutual support and agreement. Coordination means
regulating interactions so that a system of people and objects
fulfills its goals. Cooperation means playing in the same game with
others according to a set of behavior rules. In this discussion, we
use collaboration for the highest, synergistic form of working
together.

Four levels of working together are listed in the table here along
with examples of supporting groupware tools. We have listed tools at
the highest levels at which they can consistently deliver the
expected results. For example, chat is an information-sharing
technology but it does not guarantee that participants will cooperate
or coordinate on anything. An operating system is a coordination
technology and a multiplayer game is a cooperation technology but
neither guarantees that its players will synergistically achieve a
larger goal.

Levels of joint action and associated tools.

Information Sharing: Exchanging messages and data.
Tools: blog, chat, content streaming, corporate directories, database
sharing, discussion board, document sharing, email, file servers,
instant messaging, live presentation, remote PC access, recording,
remote blackboard, RSS, screen sharing, version control systems,
VoIP, VPN

Coordination: Regulating elements and players for harmonious action.
Tools: auction systems, classroom management, concurrency control,
decision support, interactive voice recognition, Internet protocols,
network meetings, online payments, operating system, project
management, shopping cart, service-oriented architecture, support
center, telescience (remote lab), workflow management

Cooperation: Playing together in the same game under agreed “rules of
interaction” (including games of competition).
Tools: collaboratory, creation nets, discussion forum, multiplayer
games, newsgroup, Second Life, socially beneficial games, wiki
(Wikipedia)

Collaboration: Creating solutions or strategies through the
synergistic interactions of a group of people.
Tools: Appreciative Inquiry, Brainstorming, Charrettes, Consensus
workshop, Straus Method


Although the information-sharing technologies do not guarantee
cooperation, coordination, or collaboration, their users sometimes
develop impressive systems of practice. For example, the Faulkes
Telescope is a facility that provides free access to robotic
telescopes and an education program to encourage teachers and
students to engage in research-based science education (see
http://faulkes-telescope.com). John Hagel and John Seely Brown see
this as a fine example of a creation net, a (possibly collaborative)
community that learns and invents together. Creation nets can be
adopted and managed by organizations seeking to be more innovative
[5]. Thus, a community practice can be harnessed and imitated
even if no technology embodies it.

It is apparent from the items 
listed in the table that most “col- 
laboration tools” do not guarantee 
their users will collaborate on any- 
thing. Only a few tools actually 
qualify as collaboration technolo- 
gies. The five collaboration tools 
listed are processes that at best are 
partially automated. 

If we are to achieve the extent of collaboration we keep calling
for, and support collaboration with automated tools, we require a
deeper understanding of how collaboration works.

[Figure: Structure of messy problem solving. Label: Design.]


COLLABORATION IS NOT OUR FIRST CHOICE

When faced with a messy prob- 
lem, most people do not automat- 
ically fall into a mode of 
collaboration. Our colleague, 
Nancy Roberts, has confirmed this 
from her work and uses it to teach 
a class on “coping with wicked 
problems” [9]. 

Roberts begins the class by pos- 
ing a wicked problem and asking 
everyone to devise a solution to it. 
When they come together, the 
group judges no solution satisfac- 
tory. Their proposals typically 
involve getting an appropriately 
high authority to make and 
enforce key declarations. For exam- 
ple, a green infrastructure is best 
achieved by establishing a new cab- 
inet-level “infrastructure czar” who 
can set sustainability goals, create 
timetables for their completion, 
and inflict punishments on those 
who do not comply. 

After this failure, Roberts asks 
the students to try again. Once 
again, when they come together, 
the group judges no proposed solu- 
tion satisfactory. This time their 
proposals involve various forms of 
competition: the best prevails in 
some sort of contest. For example, 
the green and blue advocates both 
present their cases to the public,
who vote on referenda to adopt 
one scheme after a period of 
debates and campaigning. 

Roberts sends the students back 
to try a third time. In their frustra- 
tion over their recalcitrant instruc- 
tor they start meeting as a group. 
They discover they can invent 
solutions that take care of multiple 
concerns. They find a solution to 
the wicked problem. 

Roberts notes that the students 
eventually got to collaboration, 
but not before they had exhausted 
the alternatives of authoritarianism 
and competition. These two 
approaches do not work because 
they do not show each member of 
the group how individual concerns 
will be addressed. Roberts con- 
cludes, “People fail into collabora- 
tion.” 

We are not saying that authori- 
tarian solutions or competition 
solutions never work. Of course 
they do. They tend not to work 
for wicked problems. Our famil- 
iarity with them draws us to them 
first. Roberts is saying that when 
we encounter a wicked problem, 
our best bet is to look for a collab- 
orative solution. 

The situation in the U.S. after Hurricane Katrina in August 2005
followed this pattern. The wicked problem was to restore
infrastructure in a region where most of the residents had
permanently fled after the storm knocked out all power,
communications, water, transportation, food distribution, sewage,
and waste removal. The President's first proposal (FEMA takeover)
was authoritarian. Local authorities asserting regional rights
rebuffed that approach. Thereafter, the situation devolved into
numerous competitions (including disputes and finger-pointing)
between federal and local jurisdictions. Two years after the
disaster, the region remained gridlocked by local rivalries, fewer
than half the residents had returned, disaster reimbursements were
held up by enormous tangles of red tape, and very little rebuilding
had even started. Most of the progress that was made came from the
grass-roots level, such as businesses, churches, voluntary
associations, and neighbors.

So the political system tried and 
failed at authoritarianism and 
competition and got stuck, while 
the grass roots fell into collabora- 
tion and made progress. The polit- 
ical system, in its desire to manage 
everything, did little to empower 
the grass roots. 

Two aspects of our contemporary culture may be further disincentives
for collaboration. One is a belief that we can win in every
negotiation by standing our ground [4]. This belief leaves little
room for a “we.” The other is a belief in “hero celebration”: we
look for a hero in every successful group and give the credit to the
hero alone. Who will collaborate if they think “we” will be stolen?
Clearly it will take some work and practice on our part to
understand how collaboration works and how to achieve it.


STRUCTURE OF COLLABORATION 
The problem-solving process for 
a messy problem has three main 
stages: design, collaboration, and 
follow-through (see the figure 
here). Collaboration is fostered 
through a facilitated workshop. 
Variations of this process appear 
in Appreciative Inquiry [1], 
Straus Method [9], and Char- 
rettes [6]. The design stage iden- 
tifies all the interested parties and 
fruitful questions for them to 
explore. The facilitated workshop 
leads the participants through a 
five-stage process, described 
below. During the follow- 
through, teams organized at the 
workshop do their parts to imple- 
ment the solution. The five stages 
of collaboration are: 

1. Declare: The group’s leader 
or organizer declares a question for 
the group to consider. The ques- 
tion emphasizes new possibilities 
rather than current deficits. Each 
group member declares acceptance 
of the need or desire to work 
together on the issue, and open- 
ness to the perspectives of the oth- 
ers. Without the buy-in of 
everyone in the group, egos can 
get in the way and hijack the 
process. 

2. Connect: The members take
time to become present and
engaged with each other. They 
explain what concerns bring them 
to the gathering. They state their 
aspirations, what is at stake for 
each of them, and why they see a 
need for collaboration. They look 
for and acknowledge connections 
such as mutual friends, business 
interests, or education. 

3. Listen to and learn all per- 
spectives: Now the group speaks 
and listens, as openly as possible, 
to the concerns motivating each 
member on the issue. The goal is 
to expose all the concerns and 
learn how and why each matters 
to some member. Members tell 
stories showing how concerns 
affect their worlds. For example, 
“Low-wattage light bulbs matter 
to me. My company replaced a 
thousand incandescent bulbs and 
saved $5,000 on our electric bill 
in the first year. That’s a lot of 
cash for our little company.” The 
listening must be open and inclu- 
sive—seeking to gather many dif- 
ferent perspectives, and avoid any 
initial judgment that one is better 
than another. Conversation is for 
clarification—not justification or 
argument. Comments beginning
“What if ...” and “I wish ...” fit, 
but not “That won't work.” This 
stage is complete when no one 
has any further ideas to express; 
everyone appreciates that the 
group has multiple concerns to 
consider; many may see a com- 
mon core of concerns the group 
can work with. 

4. Allow a “we” to develop: 
Members of the group continue 
the conversation about what mat- 
ters for as long as necessary until 
they develop the experience of a
“we.” The early sign of group 
identity and solidarity is members 
making tentative proposals that 
recognize, respect, and even own 
the interests and concerns of the 
other members. The later sign is 
reconfiguration of concerns—for 
example, someone concerned for 
authoritarian, protective, anti-ter- 
rorist government might recon- 
figure into a concern for strong, 
safe, resilient community. The 
facilitator keeps the proposals 
tentative and the mood 
exploratory. The conversation 
will evolve into a shared feeling 
that we are all in the same mess 
together, and by staying together 
we can resolve the mess. The 
mess may start to unravel as the 
members become aware of and 
take care of their interlocking 
concerns. Occasionally, the mess 
will evaporate in the light of the 
reconfigured concerns of “we.” 

5. Create together: Now the 
group engages with the actual 
work of creating projects. Some 
will be variations of the tentative 
earlier proposals, others new. To 
win group support, projects must 
address multiple concerns. Mem- 
bers offer to lead projects; other 
interested parties join the project 
teams. The facilitator guides 
members with doubts about a 
proposed project to question in a 
“we” mood of exploration, clarify- 
ing objectives and exploring con- 
sequences. For example, instead of 
saying, “This project will be too 
expensive,” the member could ask, 
“How will we get the resources to 
do this? In my experience they 
will be considerable. Can we reformulate
in a less expensive way?”
As proposals are discussed and 
modified in this way, the group 
will identify the highest priorities 
and gravitate toward a small num- 
ber of possibilities. These can then 
be tuned for more effective action. 
The group’s final agreement on 
projects to take forward cements 
its solidarity and service to a larger 
cause. 

One of the facilitator's main 
duties is to manage the group's 
mood: it should be open and 
appreciative throughout. Openness 
encourages everyone to contribute 
ideas and disclose concerns. Appre- 
ciativeness invites creativity. The 
contrasting mood of problem-fix- 
ing tends to be narrow; it focuses 
on what’s wrong rather than what 
could be; it discourages group soli- 
darity [1]. The facilitator also dis- 
plays all new points learned, 
proposed, or created on shared 
computers or wall posters. This 
form of group memory helps 
everyone recall ideas belonging to 
the group as a whole [10]. 

Consider a scenario of a group 
of green and blue infrastructure 
advocates deciding to collaborate 
together despite the clash between 
their perspectives. Their discussion 
might evolve as follows. They dis- 
cover that some of their members 
are motivated green because 
beloved family members suc- 
cumbed to lung diseases. They 
discover that others are motivated 
toward security because their busi- 
nesses have been robbed at gun- 
point and because one of their 
companies went out of business in 
a blackout. They discover that all
of them are hesitant to back a centralized
government solution
because of the government's poor
track record; they do not want to
risk locking in a bad solution.
They start speculating about grass-roots
solutions that make it desirable
and fashionable to be both
green and secure. They agree on
committees and working groups
that will sponsor contests for well-designed
energy-efficient products
and stimulate research into personal
home power plants that
don’t depend on the grid being
operational all the time.


LIMITATIONS OF THIS STRUCTURE 
How far does the collaboration 
process scale? We know that it 
works for workshop-size groups 
(approximately 50-200 people). It 
extends to larger communities if 
the workshop represents them well 
and if the sponsors can support 
the project teams created by the 
collaborating group. What about 
messy problems that affect mil- 
lions of people? How do we bring 
about enough collaboration to 
influence so many? 

This of course is the central 
question in efforts to deal with 
large-scale wicked problems such 
as sustainable infrastructure or 
global warming. We don't yet
know how to make the collabora- 
tion process scale up to enlist mil- 
lions of people in a solution. 
Currently, problems of such scale 
tend to be resolved by strong lead- 
ers who combine technology with 
political and media operations to 
inspire collaboration. For example, 
Candy Lightner and Cindy Lamb 
established Mothers Against 
Drunk Driving (MADD) as an 
international movement. U.S.
Senator George Mitchell estab- 
lished the “Mitchell Principles” 
that created a workable framework 
for dialogue that ultimately led to 
the peace agreement in Northern 
Ireland. Amory Lovins, who 
focuses on technical facts and 
avoids moral judgments, has 
helped clients as diverse as Wal- 
Mart and the U.S. Department of 
Defense deal with energy issues. 


CONCLUSION 

Collaboration occurs when a com- 
munity creates a solution to a 
messy problem that takes care of 
all their concerns at the same 
time. Collaboration is an ideal 
achieved far less often than it is 
invoked. It is often confused with 
information sharing, cooperation, 
or coordination. Most of our “col- 
laboration technologies” are actu- 
ally tools for information sharing. 
We have a few tools for coopera- 
tion and coordination, and very 
few for collaboration. 

Scaling up the known collabo- 
ration processes to country or 
world sizes will require significant 
advances in collaboration tools 
and networking. Their designs 
will be based on deep knowledge 
of the practices now used by the 
human facilitators of today’s 
processes. 

You can use the five-step col- 
laboration process anytime a 
small-scale collaborative solution is 
needed. You do not need the full 
process with workshop. The full 
process is most useful for achiev- 
ing collaboration within a large, 
more diverse community. 

Collaboration does not mean 
that you give up or compromise
your dearest concerns. It means 
designing a solution that recog- 
nizes your concerns. The process 
often leads to a reconfiguration of 
everyone’s concerns. The hallmark 
of successful collaboration is the 
experience of solidarity and new 
energy: a “we.”
Call for Nominations


Call for Nominations for 
Advanced Member Grades 
In the ACM 


ACM has three distinct member 
grades to recognize the profes- 
sional accomplishments of our 
members: 

Senior Member recognizes those ACM members, with at least
10 years of professional experience, that have demonstrated
performance and accomplishment that set them apart. The list of
recipients is found on:
http://awards.acm.org/homepage.cfm?awd=159

Distinguished Engineer, Scientist, or Member recognizes those
ACM members, with at least 15 years of professional experience
that have made significant accomplishments or achieved a
significant impact on the computing field. The list of recipients
is found on:
http://awards.acm.org/homepage.cfm?awd=157

Fellow is ACM’s most prestigious member grade recognizing
the top 1% of ACM members for their outstanding accomplishments
in computing and information technology and/or outstanding
service to ACM and the larger computing community. The list of
recipients is found on:
http://fellows.acm.org/homepage.cfm?srt=all


CRITERIA 

Senior Member 

* Five years continuous Professional membership in ACM
* Ten years of professional experience
* Demonstrated performance that sets the member apart from peers
* Three endorsements from colleagues (not necessarily ACM
  members) in the field


Distinguished Engineer, Scientist, or Member

* Five years continuous Professional membership in ACM
* Fifteen years of professional experience
* Significant accomplishment in, or a significant impact on, the
  computing field
* Four endorsements from colleagues in the field. Two of
  these endorsements must be from ACM Members. It is
  recommended, but not required, that at least two of these
  endorsements be from ACM Fellows. Ideally, one of the
  four endorsements will be from a current or past employer or
  client.


Fellow

* Five years continuous Professional membership in ACM
* No specific requirement for years of professional experience
* Outstanding accomplishments in computing and information
  technology and/or outstanding service to ACM and the larger
  computing community
* Five to eight endorsements from current ACM Professional
  Members—ideally ACM Fellows.


NOMINATION PROCEDURES 
All nominations for advanced 
ACM member grades must be 
made through the ACM Web site: 

Senior Members are self-nominating
(www.acm.org/seniormember)

Distinguished Engineers, Scientists, Members can be self-nominating
or may be nominated by a current ACM Professional Member
(http://amg.acm.org/public/distinguishedmember/nomination.cfm)

Fellows must be nominated by an ACM Professional Member
(http://amg.acm.org/public/fellows/nomination.cfm)


Notes: 

* In meeting the requirements for professional experience,
  educational experience is credited as follows:
  - 3 years if the candidate holds a baccalaureate degree
  - 4 years if the candidate holds a master’s degree
  - 5 years if the candidate holds a doctorate
* For all grades, candidates must have been an ACM Professional
  Member for at least five years immediately preceding the final
  date for submission of the respective nomination.
* Although there is a natural progression implied within these
  three grade levels, this progression is not compulsory, i.e., if a
  candidate meets the requirements of the membership grade
  it is not necessary to advance from one grade level to the next.
* Endorsers for Senior Member and Distinguished Engineer,
  Scientist, or Member must attest that:
  - They know the candidate and their work
  - The candidate has accurately described their achievements
  - The accomplishments outlined in the nomination meet the
    endorsers’ best understanding of the criteria for Senior and
    Distinguished Member.


DEADLINES 
Senior Member nominations and 
endorsements must be received by 
May 31, 2008. Nominations are 
on a quarterly basis: May 31, 
2008; Aug. 31, 2008; Nov. 30, 
2008; Feb. 28, 2009. 

Distinguished Engineer, Scientist, 
Member nominations and endorse- 
ments must be received by July 31, 
2008. 

Fellow nominations and 
endorsements must be received by 
Sept. 9, 2008.


RECOGNITION 

ACM Senior Members and Distin- 
guished Members will receive a 
certificate and a specially anno- 
tated ACM membership card. 
There will be an announcement on 
the ACM Web site and in Commu- 
nications of the ACM listing the 
names of the Senior Members and 
Distinguished Members. 

ACM Fellows will receive a cer- 
tificate, a specially annotated ACM 
membership card and an ACM 
Fellow lapel pin. Their names will 
be listed in an issue of Communi- 
cations of the ACM and a letter of 
recognition will be sent to the chief 
executive at the Fellow’s place of 
employment. Formal induction 
ceremonies and presentation of 
Fellow certificates and pins will 
take place at the next annual ACM 
Awards Banquet. 


Please send any questions you 
may have about the Senior Mem- 
ber, Distinguished Member or 
Fellows Programs to: 
Senior@acm.org; 
Distinguished@acm.org; 
Fellow@acm.org; or Rosemary
McGuinness (mcguinness@acm.org).
ACM Honors Distinguished and Senior Members


ACM has three distinct member grades to recognize the professional accomplishments of its members. The
list of those members recognized as ACM Fellows in 2007 was published in the March 2008 issue of
Communications (p. 22). Here, we list those members named senior members and distinguished engineer,
scientist, or member in 2007.

The Distinguished Engineer, Scientist, or Member grade level recognizes those ACM members with at least
15 years of professional experience and five years of continued ACM Professional membership that have made
significant accomplishments or achieved a significant impact on the computing field.

The Senior Member grade level recognizes those members with at least 10 years of professional experience
and five years of continuous ACM Professional membership who have demonstrated performance that sets
them apart from their peers.


DISTINGUISHED ENGINEERS 
Andrea L. Ames, IBM Corporation

John R. Douceur, Microsoft Research
Richard Furuta, Texas A&M University
Greg Ganger, Carnegie Mellon University
Toshio Nakatani, IBM Research, Tokyo
Raj Rajkumar, Carnegie Mellon University
Stephen M. Trimberger, Xilinx, Inc.


DISTINGUISHED SCIENTISTS

Michael G. Burke, IBM T.J. Watson Research Center

Siddhartha Chatterjee, IBM T.J. Watson Research
Center

Nikil Dutt, University of California, Irvine

Matthew B. Dwyer, University of Nebraska-Lincoln

Kathleen Fisher, AT&T Labs

Lane A. Hemaspaandra, University of Rochester 

Jennifer C. Hou, University of Illinois at Urbana 
Champaign 

David J. Kasik, The Boeing Company 

John Riedl, University of Minnesota 

Mary Beth Rosson, Pennsylvania State University 


Michael S. Schlansker, Hewlett Packard 

Subhash Suri, University of California, Santa 
Barbara 

Fei-Yue Wang, Chinese Academy of Sciences; The 

University of Arizona 


SENIOR MEMBERS 

George K. Adam, Technological Educational 
Institute of Larissa, Greece 

Gail-Joon Ahn, University of North Carolina at 
Charlotte 

Anthony Aiuto, Integrated Computer Solutions

Halundun Akpinar, Marmara University 

James A. Alves-Foss, University of Idaho 

Scott Ambler, IBM

Sihem Amer Yahia, Yahoo! Research 

Paul Anderson, GrammaTech, Inc. 

Martin F. Arlitt, HP Labs/University of Calgary 

Ronald T. Azuma, HRL Laboratories 

Eduard Babulak, Fairleigh Dickinson University, 
Vancouver 

Ashok Banerji, Jones International University, India 
Bill Bartgis, SPAWARSYSCEN Norfolk

Dirk Bartz, University of Leipzig 

Azer Bestavros, Boston University 

Jun Bi, Tsinghua University 

Harvey Bingham, Bingham Associates 

Ronald D. (Shawn) Blanton, Carnegie Mellon 
University 

Athman Bouguettaya, Virginia Tech 

Ron Brightwell, Sandia National Laboratories 

Ian Brown, Oxford Internet Institute, Oxford 
University 

Francois Bry, University of Munich 

Eric W. Burger, Cantata Technology, Inc. 

Martin Carlisle, US Air Force Academy 

Catherine L. Carter, University of Maryland 

Curtis A. Carver, Jr., US Military Academy, 
West Point 

Goutam Chakraborty, Iwate Prefectural University,
Japan 

Naehyuck Chang, Seoul National University 

Richard (Mickey) Cheatham, IBM

Yen-Kuang Chen, Intel Corp.

Jingde Cheng, Saitama University 

Kak Wah Chiu, Dickson Computer Systems, 
Hong Kong 

Jong Hyuk Choi, IBM T.J. Watson Research Center

K.R. Chowdhary, JNV University, Jodhpur, India

Panos K. Chrysanthis, University of Pittsburgh

Jen-Yao Chung, IBM T.J. Watson Research Center

Chris Clifton, Purdue University 

Stephen G. Corbesero, Moravian College 

Priya Dakshinamoorthy, Software Architects, Inc. 

Akshay Darbari, Tata Elxsi Ltd., Bangalore 

Joseph G. Davis, The University of Sydney 

Anthony H. Dekker, DSTO 

Xiaotie Deng, City University of Hong Kong 

Mieso K. Denko, University of Guelph 

Steven J. DeRose, National Center for Biotechnology 
Information, NIH 

Murthy Devarakonda, IBM T.J. Watson Research
Center 


John F. Dooley, Knox College
Margaret J. Dunham, SMU

Mohamed Y. Eltoweissy, Virginia Tech

Tom Enderes, Terawave Communications

Michael E. Ensminger, PAR3 Communications 

Jeremy Epstein, Software AG, Inc. 

Babak Falsafi, Carnegie Mellon University 

Michael E. Farmer, University of Michigan-Flint 

Bassam S. Farroha, Johns Hopkins University 

Yishai Feldman, IBM Haifa Research Lab

Antonio Fernandez, Universidad Rey Juan Carlos 

Barry B. Flachsbart, Missouri University of Science 
and Technology 

Karol Frühauf, INFOGEM AG

Richard Furuta, Texas A&M University

Corrado Giustozzi, Innovia Security 

Jack Goldberg, Goldberg Associates 

James J. Grimm, Info Trax Systems, LLC 

David P. Grove, IBM Research

Daniel Guinier, OSJA 

Vijay K. Gurbani, Bell Laboratories/Lucent 
Technologies 

Martin P. Haeberli 

John A. Hamilton, Jr., Auburn University 

Haidar M. Harmanani, Lebanese American 
University 

Timothy L. Harris, Microsoft Research, Cambridge, 
UK 

Christopher G. Healey, North Carolina State 
University 

John S. Heidemann, USC/Information Sciences
Institute 

David K. Hemsath, IBM Corporation

Christian Hess, Supreme Court of Justice, Costa Rica 

Michael M.T. Ho, City University of Hong Kong 

James P. Hobbs, Intel Corporation

Vasant G. Honavar, Iowa State University

Christian Horn, Broadcast Learning Ltd., Ireland 

Pao-Ann Hsiung, National Chung Cheng University 

Huosheng Hu, University of Essex 

Yu Charlie Hu, Purdue University 

Galen C. Hunt, Microsoft Research 

Keith Instone, IBM


Victoria L. Interrante, University of Minnesota 
Viewpoint    Daniel Kunkle and Gene Cooperman


Solving Rubik’s Cube: 
Disk Is the New RAM 


Substituting disk for RAM, disk-based computation is a way to increase working 
memory and achieve results that are not otherwise economical. 


Disk-based computation represents a major new use of
disks, in addition to the three historical uses: file systems,
databases, and virtual memory. We recently demonstrated the
importance of this fourth case by showing progress on a
25-year-old conjecture: determine how many moves
suffice to solve Rubik’s Cube. We chose Rubik’s
Cube because it has long served as a computationally
challenging problem in which practitioners
from a variety of disciplines have tested the efficacy
of their techniques.

Our working group coined the term “disk-based 
computation” to describe our five-year effort to 
make use of parallel disks in scientific computation, 
including the many disks already available in a com- 
putational cluster. In doing so, the humble disk is 
elevated to a status normally reserved for RAM. 
RAM equivalence gives an application several orders 
of magnitude more working space for the same 
financial price. Such parallel disk-based methods are 
often based on lower-level external memory algo- 
rithms (such as those surveyed in [3]). 

Our work reached the mainstream media in 2007
when we showed that Rubik’s Cube can be solved in
26 moves or less [1]. At its heart, our computation
simply enumerates and stores possible configurations
of the puzzle. But, with more than 4.3 × 10^19 possible
configurations, proving that 26 moves suffice
requires many terabytes of main memory. It was
only our insight that “disk is the new RAM” that
enabled us to overcome this memory barrier.

Rubik’s Cube is an example of a large enumera- 
tion problem for which disk-based computation 
may lead to breakthroughs in many different prob- 
lem domains, including group theory, hardware and 
software verification, coding theory, and constraint 
satisfaction. In them, one has an initial state, a 
method to produce neighboring states, and a need 
to store all reachable states. New powerful multi- 
core computers are beginning to allow us to generate 
neighboring states faster than ever before. However, 
the ability to do so often means we also reach the 
limits of RAM more quickly than ever before. 

Limiting ourselves to 4GB of main memory per 
computer is an arbitrary restriction not required by 
current technology. We are all conditioned by decades 
of history to regard disk as a hopelessly slow cousin to 
RAM. However, a simple back-of-the-envelope calcu- 
lation shows this does not have to be so. The band- 
width of commodity disks is on the order of 
100MB/s. A computer cluster with 50 disks provides 
50 times the aggregate bandwidth, or 5GB/s, which is
close to the bandwidth of commodity RAM. Thus 50 
local disks provide the moral equivalent of a single 
extremely large RAM subsystem. 

Viewed this way, a 50-node scientific computing 
cluster would be able to perform like a powerful 
parallel computer endowed with a single 10TB 
RAM subsystem. Justifying the use of distributed 
disks as a multi-terabyte main memory requires a 
small amount of math, as well as several somewhat 
larger caveats. A typical scientific computing cluster 
includes 200GB of often-unclaimed disk space per 
computer. A 50-node cluster provides 10TB of disk. 
As a nice side benefit, in today’s commodity com- 
puter market, this 10TB of idle local disk space is 
essentially free. 

How can we treat 10TB of disk space as if it were 
RAM? The answer depends on consideration of disk 
bandwidth, disk latency, and network bandwidth: 

Thesis. Because 50 disks provide approximately 
the same bandwidth as a single RAM subsystem, the 
local disks of a computer cluster can be regarded as if 
they were a single very large RAM subsystem; 

Caveat 1. Disk latency is much more limiting 
than disk bandwidth. Therefore, despite the fact that 
RAM stands for random access memory, we would 
almost never use the “new RAM” (disk) in random- 
access mode. The old-fashioned RAM already serves 
as our random-access cache; 

Caveat 2. The new RAM is distributed across the 
local-area network. The aggregate network band- 
width of a cluster (even gigabit Ethernet) may not 
fully support the ideal 5GB/s aggregate bandwidth 
of the new RAM. Parallel algorithms must therefore 
be restructured to emphasize local access over net- 
work access. (This restriction is familiar to practi- 
tioners, who have long been aware of the 
impossibility of accessing traditional remote RAM at 
full speed over the network.) 


TESTBED 

The details of the Rubik’s Cube computation illus- 
trate the benefits of disk-based computation. 
Whereas people usually solve Rubik’s Cube in four 
or five stages, each involving fewer than one million
combinations, the large main memory of disk-
based computation allows a programmer to provide 
a two-stage solution where the largest subproblem 
involves 10'* combinations. 

A person might first solve the top layer of the 
Cube (with nine smaller cubies, or individual box- 
like segments), then the bottom layer, and finally the 
remaining middle pieces. Solving the bottom and 
middle layers requires the use of macro moves, or 
sequences of moves that preserve the previous layers. 

The programmer solves each of the two subprob- 
lems by performing a breadth-first search over all 
possible configurations, starting with the solved 
state. For the smaller of the two subproblems (10° 
configurations), this is easy. 

For the larger of the two subproblems (10 con- 
figurations), we first used the symmetries of Rubik's 
Cube to reduce it to 10” configurations. We then 
analyzed several possible algorithms, settling on the 
final version, enumerating the 10” configurations in 
63 hours with the help of 128 processor cores and 
7TB of disk space. 


The primary difficulty in trying to extend a naive
enumeration algorithm to execute on disk is
how to efficiently perform duplicate detection,
that is, to determine when a newly generated state
has been seen before. This is typically done using a
hash table or some other data structure that relies on
random access. In the disk-based version, we avoid
random access by delaying duplicate detection,
collecting many new states that we check for
duplicates in a later phase.

A brief description of the methods we considered
when solving Rubik’s Cube illustrates the kinds of
data structures and algorithms we have found useful
in disk-based computation. The first method is
based on external sort—a well-known disk-based 
sort that avoids random access at the cost of per- 
forming several passes through the data. New states 
discovered during the breadth-first search are saved 
to disk without checking for duplicates. When an 
entire level of the search is completed, the new states 
are externally sorted and merged into a sorted list 
containing all previously discovered states. 

In this way, we eliminate random-access data 
structures, using sorted lists in their place. Eliminat- 
ing random access comes at the cost of having to 
maintain the sorted order of the lists. Further, this 
method requires that we save all known states. For 
our Rubik’s Cube computation, storing all configura- 
tions would require 11TB, not counting the buffer 
space for newly generated states. 
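
The first method, as an added example that is not the authors' code: a breadth-first search that writes new states to disk unchecked, then sorts them externally and merges them into the sorted list of known states once per level. The toy puzzle (permutations of six pieces), the record format and the `ram_states` memory budget are assumptions made for illustration; `ram_bfs` is the usual hash-table version for comparison.

```python
import heapq
import os
import struct
import tempfile
from itertools import islice

REC = struct.Struct(">Q")   # one state = one fixed-width 8-byte record
N = 6                       # constructed toy puzzle: permutations of 0..5 (720 states)

def encode(perm):
    v = 0
    for x in perm:
        v = v * N + x
    return v

def decode(v):
    out = []
    for _ in range(N):
        v, x = divmod(v, N)
        out.append(x)
    return tuple(reversed(out))

def neighbors(v):
    p = decode(v)
    yield encode((p[1], p[0]) + p[2:])   # swap the first two pieces
    yield encode(p[1:] + p[:1])          # rotate left
    yield encode(p[-1:] + p[:-1])        # rotate right

def read_states(path):
    """Stream a state file front to back; the disk is never accessed randomly."""
    with open(path, "rb") as f:
        while chunk := f.read(REC.size * 4096):
            for (v,) in REC.iter_unpack(chunk):
                yield v

def write_states(path, states):
    with open(path, "wb") as f:
        for v in states:
            f.write(REC.pack(v))

def external_sort(src, workdir, ram_states):
    """Sort src with at most ram_states states in memory: sorted runs, then k-way merge."""
    runs, it = [], read_states(src)
    while batch := sorted(islice(it, ram_states)):
        runs.append(os.path.join(workdir, f"run{len(runs)}"))
        write_states(runs[-1], batch)
    return heapq.merge(*(read_states(r) for r in runs)), runs

def unique(sorted_states):
    prev = None
    for v in sorted_states:
        if v != prev:
            yield v
        prev = v

def merge_level(candidates, seen_path, frontier_path, new_seen_path):
    """One pass over two sorted streams: unseen candidates form the next frontier."""
    seen = read_states(seen_path)
    s, count = next(seen, None), 0
    with open(frontier_path, "wb") as fr, open(new_seen_path, "wb") as out:
        for c in candidates:
            while s is not None and s < c:
                out.write(REC.pack(s))
                s = next(seen, None)
            if s == c:
                continue                  # duplicate: already known, not a new state
            fr.write(REC.pack(c))
            out.write(REC.pack(c))
            count += 1
        while s is not None:
            out.write(REC.pack(s))
            s = next(seen, None)
    return count

def disk_bfs(start, ram_states=64):
    """BFS with delayed duplicate detection; returns the number of new states per level."""
    with tempfile.TemporaryDirectory() as d:
        seen, frontier, raw, tmp = (os.path.join(d, n) for n in ("seen", "frontier", "raw", "tmp"))
        write_states(seen, [start])
        write_states(frontier, [start])
        levels = [1]
        while True:
            # Expand the whole level to disk without checking for duplicates.
            write_states(raw, (n for v in read_states(frontier) for n in neighbors(v)))
            merged, runs = external_sort(raw, d, ram_states)
            found = merge_level(unique(merged), seen, frontier, tmp)
            os.replace(tmp, seen)
            for r in runs:
                os.remove(r)
            if found == 0:
                return levels
            levels.append(found)

def ram_bfs(start):
    """Baseline: the random-access (hash set) duplicate detection the text contrasts with."""
    seen, frontier, levels = {start}, [start], [1]
    while frontier:
        nxt = []
        for v in frontier:
            for n in neighbors(v):
                if n not in seen:
                    seen.add(n)
                    nxt.append(n)
        frontier = nxt
        if nxt:
            levels.append(len(nxt))
    return levels

if __name__ == "__main__":
    print(disk_bfs(encode(tuple(range(N)))))
```

Both searches report the same level sizes; the disk version pays for that with one sort and one merge pass per level, and its `seen` file holds every known state, which is the storage cost noted above.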


The second method avoids storing all seen states
and also removes the need for expensive external
sorting operations. Instead of explicitly storing
the known states, we use a disk-based table to
record the previously discovered states. To avoid ran- 
dom access, we split this table into contiguous pieces 
such that each piece fits into RAM. When perform- 
ing duplicate detection, we load one piece of the 
table into RAM at a time and remove duplicate 
states that correspond to that portion of the search 
space. 

Even though this method avoids storing explored 
states, it still requires the storage of the open list of 
new states from which duplicates have not been 
removed. For our Rubik’s Cube computation, the 
open list has a maximum size of 50TB. To avoid this 
limitation, we use a technique we call implicit 
open list to encode the open states using a hash 
table, rather than an explicit list. This allows us to 
complete the computation using just 7TB of disk
space. 


ORGANIZING PRINCIPLE 
A unified framework is required to broaden the 
appeal of disk-based computation beyond Rubik's
Cube. Our team is now searching for an organizing
principle that will allow for the construction of a
software library or language extension that does for 
disk-based computation what numerical libraries 
have done for numerical analysis. As an initial step, 
we have begun a comparative analysis of eight dif- 
ferent techniques for disk-based enumeration [2]. 
This analysis is based on the methods we used for 
Rubik’s Cube, along with our solutions to several 
model problems in computational group theory. 

The search cuts across many areas of computer 
science. For example, in systems and architecture, 
how can we design disk-based computations to bal- 
ance the use of CPU, RAM, network, and disk? In 
theory and algorithms, what class of computations 
can be converted to efficient disk-based computa- 
tion? In software engineering and programming lan- 
guages, how can we separate disk-specific data 
structures and algorithms from problem-specific con- 
cerns? By answering such questions, we will advance 
the use of disk-based computation, enabling solu- 
tions to problems requiring even petabytes of 
memory.
BY RYAN WEST


THE PSYCHOLOGY
OF SECURITY

Why do good users make bad decisions?

“... [the system] must be easy to use and
must neither require stress of mind nor
the knowledge of a long series of rules...”
AUGUSTE KERCKHOFFS ON THE
DESIGN OF CRYPTOGRAPHIC SYSTEMS
(La cryptographie militaire, 1883)

The importance of the user in the success
of security mechanisms has been
recognized since Auguste Kerckhoffs
published his treatise on military cryptography,
La cryptographie militaire,
over a century ago. In the last decade,
there has been tremendous increase in
awareness and research in user interaction
with security mechanisms.

Risk and uncertainty are extremely difficult concepts for people
to evaluate. For designers of security systems, it is important
to understand how users evaluate and make decisions regarding
security. The most elegant and intuitively designed interface does
not improve security if users ignore warnings, choose poor settings,
or unintentionally subvert corporate policies. The user
problem in security systems is not just about user interfaces or system
interaction. Fundamentally, it is about how people
think of risk that guides their behavior. There are 
basic principles of human behavior that govern how 
users think about security in everyday situations and 
shed light on why they undermine security by acci- 
dent. 

This article offers a brief introduction to research 
on risk, uncertainty, and human decision making and 
how they relate to users making security decisions, 
and provides a few key concepts and possibilities in 
how they may be used to improve users’ security 
behavior. 

Non-acceptance of security tools is recognized as a 
major problem facing the information security world 
[5]. Research in the usability of security mechanisms 
has exploded over the last decade and an excellent 
trove of research papers is cataloged by the HCISec
Bibliography hosted at www.gaudior.net/alma/biblio.html.
Among the studies listed there is a mountain
of evidence that mechanisms for encryption, autho- 
rization, and authentication can be difficult for peo- 
ple to understand or use [1, 9] and that people often 
fail to recognize security risks or the information pro- 
vided to cue them [3, 4]. Accordingly, researchers 
have promoted the need for user-centered design 
throughout the development process and warn that 
usability testing security systems only at the end of 
the process does not guarantee a usable or acceptable 
system [7, 11, 12]. 

However, there is more to this than interaction 
with technology. Human decision making has been a 
topic of study in social sciences from economics to 
psychology for over a century. The net sum of that 
research suggests that individuals are often less than 
optimal decision makers when it comes to reasoning 
about risk. However, we have predictable and 
exploitable characteristics in our decision-making 
process. Understanding these principles and how 
users come to make decisions about security may sug- 
gest places where we can improve the outcome of the 
decisions. 

Users do not think they are at risk. First of all, 
people tend to believe they are less vulnerable to risks 
than others. Most people believe they are better than 
average drivers and that they will live beyond average 
life expectancy [6]. People also believe they are less 
likely to be harmed by consumer products compared 
to others. It stands to reason that any computer user 
has the preset belief that they are at less risk of a com- 
puter vulnerability than others. It should come as no 
surprise that, in 2004, a survey from AOL and the 
National Cyber Security Alliance reported that 
roughly 72% of home users did not have a properly 
configured firewall and that only one-third had 
antivirus virus signatures updated within the past 
week. 

Even as security measures improve, users will 
remain at risk. There is evidence that individuals 
maintain an acceptable degree of risk that is self-levelling,
known as risk homeostasis.² Applied to security, it
suggests that as users increase their security measures, 
they are likely to increase risky behavior. For example, 
the user who has just installed a personal firewall may 
be more likely to leave his machine online all the 
time. 

Users aren't stupid, they're unmotivated. In social
cognition, the term is cognitive miser. Humans have a
limited capacity for information processing and routinely
multitask. As a result, few tasks or decisions
receive our full attention at any given time. To conserve
mental resources, we generally tend to favor
quick decisions based on learned rules and heuristics.
While this type of decision making is not perfect, it
is highly efficient. It is efficient in the sense it is
quick, it minimizes effort, and the outcome is good
enough most of the time. This partially accounts for
why users do not reliably read all the text relevant in
a display or consider all the consequences of their
actions.

¹ America Online and the National Cyber Security Alliance. AOL/NCSA Online
Safety Study, 2004; www.staysafeonline.info/news/safety_study_v04.pdf.
² G.J.S. Wilde. Target Risk 2: A New Psychology of Safety and Health. PDE Publications,
Toronto, Ontario, 2001.

From Windows Explorer: UI #1

1. Right click on folder in public share (invokes UI #2)
2. Click on Properties in context menu (invokes UI #3)
3. Click on Sharing tab (invokes UI #4)
4. Click Share... (invokes UI #5)
5. Enter the User or Group name to share with
6. Click Add (automatically sets permission level to “Reader” which sets ACEs for Read, Read & Execute, and List Folder Contents)
7. Click Share (invokes UI #6)
8. Click Done (returns to UI #3)
9. Click Close (returns to UI #1)

Safety is an abstract concept. When evaluating 
alternatives in making a decision, outcomes that are 
abstract in nature tend to be less persuasive than out- 
comes that are concrete [2]. This is key to under- 
standing how users perceive security and make 
decisions. Often the pro-security choice has no visible 
outcome and there is no visible threat. The reward for 
being more secure is that nothing bad happens. Safety 
in this situation is an abstract concept. This, by its 
nature, is difficult for people to evaluate as a gain 
when mentally comparing cost, benefits, and risks. 

Compare the abstract reward (safety) garnered 
from being more secure against a concrete reward like 
viewing an attachment in instant messaging or Web 
content that requires a browser add-on and the out- 
come does not favor security. This is especially true 
when a user does not know what his or her level of risk 
is or believes they are at less risk than others to start. 
Returning to the principle of the cognitive miser, the 
user is also more likely to make a quick decision with- 
out considering all of the risks, consequences, and 
options. 

Feedback and learning from security-related deci- 
sions. The learning situation created by many com- 
mon security and risk decisions does not help either. 
In a usual learning situation, behavior is shaped by 
positive reinforcement when we do something 
“right.” We do something good, we are rewarded. In
the case of security, when the user does something 
good, the reinforcement is that bad things are less 
likely to happen. There is seldom an immediate
reward or instant gratification,
which can be a powerful reinforcer 
in shaping behavior. 

In another common learning 
situation, behavior is shaped by 
negative reinforcement when we 
do something “wrong.” We do 
something bad, we suffer the con- 
sequences. In the case of security, 
when the user does something 
bad, the negative reinforcement 
may not be immediately evident. 
It may be delayed by days, weeks, 
or months if it comes at all. Cause 
and effect is learned best when the 
effect is immediate and the anti- 
security choice often has no 
immediate consequences. This 
makes learning consequences difficult except in the 
case of spectacular disasters. 

Evaluating the security/cost trade-off. While the 
gains of security are generally abstract and the nega- 
tive consequences are stochastic, the cost is real and 
immediate. Security is integrated into systems in such 
a way that it usually comes with a price paid in time, 
effort, and convenience—all valuable commodities to 
users. 

For example, the simplest case—restricting
access to a public share in Microsoft's Windows Vista
to a group of users—requires about nine separate steps
and six distinct user interfaces (see Table 1). While
each step seems small, they add up to a real cost to users.
In deciding what to do, users weigh the cost of the 
effort against the perceived value of the gain 
(safety/security) and the perceived chance that noth- 
ing bad would happen either way. 

Making trade-offs between risk, losses, and gains. 
Given that security gains are often intangible, the 
costs known, and the negative consequences involve 
probabilities, we can look at several known factors at 
play when people evaluate risks, costs, and benefits. 

Users are more likely to gamble for a loss than 
accept a guaranteed loss. First of all, people react to risk 
differently depending on whether they think they are 
primarily gaining something or losing something. Tversky
and Kahneman [8] showed that people are more
likely to avoid risk when alternatives are presented as
gains and take risks when alternatives are presented as 
losses. For example, consider the following scenario 
where a person has to decide between two options pre- 
sented as gains: 


Table 1. Nine steps and six UIs are required to set file
permissions on a public share in Windows Vista. It
takes four steps just to find the settings.

Scenario 1:

A) Gain $5 at no risk
B) Gain $10 if a coin toss lands heads up

When Tversky and Kahneman used a similar scenario,
72% of those surveyed chose the sure bet
offered by option A because there was less risk
and the outcome was guaranteed. Now consider a
similar scenario presented as a choice between two
losses:

Scenario 2:

A) Lose $5 guaranteed
B) Lose $10 if a coin toss lands heads up


When Tversky and Kahneman framed their scenario 
as a choice between losses, 64% of the respondents 
chose option B. People tended to focus on the 
chance to not lose anything offered in B compared 
to the sure loss guaranteed by option A. 

When evaluating a security decision, the negative 
consequences are potentially greater of course, but the 
probability is generally less and often unknown. The 
principle holds true. When there is a potential loss in 
a poor security decision compared to the guaranteed 
loss of making the pro-security decision, the user may 
be inclined to take the risk. For example, consider the 
choice between two losses in a common security decision
involving the download and installation of a digital
certificate and ActiveX control from an unknown
source. In this scenario, the primary goal is to
view the Web page content:

Scenario 3:

A) Do not install digital certificate and ActiveX control
from unknown source and do not view the content of
the Web page (fail on primary goal), guaranteed.
B) Install digital certificate and ActiveX control from
unknown source, view the Web page (accomplish primary
goal), and take a chance that something bad happens.

Like Scenario 2, some users will chance that
nothing bad will happen in order to achieve their
primary goal rather than accept the task failure guaranteed
by option A. Furthermore, if there are no immediate
and obvious negative consequences incurred by
option B, the user learns it is an acceptable decision
and is more likely to repeat it in the future. The
everyday security decisions end users make, like
opening file attachments, are often presented in the
form of losses as in Scenario 3.

Figure 1. Losses carry more value compared to gains
when both are perceived as equal. For non-zero
values, if value of loss (X) = value of gain (Y), then
motivation of loss (A) > motivation of gain (B).
(Adapted from Tversky and Kahneman [8].)




Security as a secondary task. People tend to focus more on
the losses that will affect their immediate goal than the gains
when making decisions under time pressure [12]. Users are
often called on by the system to make a security decision while
they are in the middle of an activity. In these cases, the user
is often motivated to get on with the primary task as quickly
as possible and, therefore, less likely to make a decision that
further interrupts that task. In
cases where users are prompted to install software
updates, scan a file for viruses before opening, and so
forth, users are less likely to comply when in the middle
of another task, especially if in a hurry.

Losses perceived disproportionately to gains. People
do not perceive gains and losses equally. Tversky
and Kahneman [8] showed that when individuals perceive
a gain and a loss to have the same value, the loss
is more motivating in the decision (see Figure 1). In
short, this means that a loss of $100 is more adverse
than a gain of $100 is attractive to a decision maker.

This suggests that while a system designer may consider
the cost of security effort small, the loss could be
perceived as worse than the greater gain in safety. Put
simply, the user must perceive a greater magnitude
of gain than of loss.


IMPROVING SECURITY COMPLIANCE AND DECISION MAKING
Using the principles at work in security decision making,
there are several avenues that may improve user security
behavior.

Reward pro-security behavior. There must be a tangible
reward for making good security decisions. Some suggest
that corporate IT organizations would be encouraged to
adopt stronger security practices if insurance companies
offered lower premiums to those who protect themselves
by certain measures [5]. Likewise, end users must be
motivated to take pro-security actions.

Increasing the immediate and tangible reward for secure
actions may increase compliance. One form of reward is to
see that the security mechanisms are working and that the
action the user chose is, in fact, making them safer.
This makes safety a visible gain when evaluating gains and
losses in a security decision.

A good example of this is when an antivirus or antispyware
product finds and removes malicious code. In these cases,
the security application often issues a notification that it has
found and mitigated a threat. This is an effective way for a
security system to prove its value to the user by showing
there was a risk and that the system protected
them. By returning to the access control scenario for
file sharing, it would be possible to report attempts at
unauthorized access to the file owner.

Improve the awareness of risk. As discussed earlier, people
often believe they are at less risk compared to others. One
way to increase security compliance is to increase user
awareness of the risks they face. This could be
achieved through user training and education in general but
should also be built into systems to support specific events.

One classically deficient area in the security of systems is
messages and alerts. Security messages often resemble other
message dialogs (Figure 2). As a result, security messages
may not stand out in importance and users often learn to
disregard them.

Figure 2. Can you spot the security message? Message
dialogs often look similar enough that no message stands
out as more important than others.

Figure 3. Can you spot the security message? (Part 2)
Well-designed security messages have distinct visual and
auditory properties that make them stand apart from all
other message dialogs and indicate the criticality of
the message.

To avoid the response bias
problems faced by most message dialogs, security messages
should be instantly distinguishable from other
message dialogs. Security messages should look and
sound very different (illustrated in Figure 3). This
helps mitigate the blasé attitude with which users
attend to the information. Once the message dialog
has the user’s attention, they are more likely to read
and consider the choices given to them.

Catch corporate security policy violators. Increas- 
ing the awareness of risk could also mean increasing 
the likelihood that a corporate user is caught violating 
security policy. Having a corporate security policy 
that is not monitored or enforced is tantamount to 
having laws but no police. If the security systems have 
good auditing capabilities and are watched by event 
monitoring systems, users who make poor security 
decisions could be “caught” in a way. This would 
serve as an immediate negative consequence by itself. 
Like automated systems at traffic lights that snap pic- 
tures and issue violations to drivers that run red lights, 
users who make poor security decisions could receive 
automated email notifications of their actions and the 
corporate policy or safe computing practice. In gen- 
eral, the best deterrent to breaking the rules is not the 
severity of consequences but the likelihood of being 
caught. 

Reduce the cost of implementing security. Obvi- 
ously, if users need to take additional steps to increase 
their level of security, they will be less likely to do so. 
As the cost of implementing security increases, the 
overall value of the decision decreases. To accomplish 
a task, users often seek the path of least resistance that 
satisfies the primary goal. It should be common 
knowledge that in making the secure choice the easi- 
est for the user to implement, one takes advantage of 
normal user behavior and gains compliance. 

Another way to reduce the cost of security is, of 
course, to employ secure default settings. Most users 
never change the default settings of their applications. 
In this way, one increases the cost to make non-secure 
decisions in terms of time and effort. While good 
default settings can increase security, system designers 
must be careful that users do not find an easier way to 
slip around them. For example, users who are directed 
by their IT departments to use strong passwords 
across multiple systems are more likely to write them 
down [1]. 


CONCLUSION 
Core to security on an everyday basis is the compli- 
ance of the end user, but how do we get them to 
make good decisions when they are often the weak- 
est link in the chain? Users must be less motivated to 
choose anti-security options and more motivated to 
choose pro-security options. Obviously, no one 
would suggest training end users with USB devices 
that deliver an electric shock or food pellet reward 
based on their actions. But, generally speaking, we 
can increase compliance if we work with the psy- 
chological principles that drive behavior. 

The ideal security user experience for most users 
would be none at all. The vast majority would be content
to use computers to enrich their lives while taking
ing for granted a perfectly secure and reliable 
infrastructure that makes it all possible. Security only 
becomes a priority for many when they have prob- 
lems with it. However, now, and in the foreseeable 
future, users are in the control loop. We must design
systems with an understanding that, at some point,
users must make a decision regarding security. The
question is, what will they decide?
The Business of
OPEN SOURCE

Tracking the changing competitive conditions of
the software industry.

In his discourse comparing various economic
systems, Schumpeter [5] declares it is new
products, new markets, and new forms of
production and distribution that impel the
creative destruction engine of free enterprise.
Entrepreneurs strategically weave an organizational
design of customer value, product
offering, and production and distribution
technologies that enables them to compete
with, and often displace, existing organizations.
Customers decide whether to accept the new firm's
offerings based on their perceptions of value.
Open source software (OSS) appears to be creative 
destruction in action: all three of the components that fuel 
the destructive fire are evident. There is an abundance of 
new and innovative products emerging from the OSS com- 
munity. The zero-cost licensing structure of most open 
source projects has opened up the acceptance of these
products into a number of previously untapped markets.
The Internet has created an environment in
which software distribution costs are approaching 
zero. Products freely and rapidly flow across borders. 
There is no packaging—no shelf-space requirements. 
OSS is not confined to one economic system. It 
overcomes both the tyranny of distance [1] and 
oppression of borders. OSS also espouses new 
methods of software production that utilize the 
public as the production mechanism and allows for 
coordinated, location-agnostic access to the raw 
materials for these new products. 

To assess if OSS has the potential to revolution- 
ize the development and distribution of software, 
we must first understand how the entities involved 
in the development of such software are organized. 
Because different business models are not equal in 
their capacity to create value, we must analyze each 
particular blend of customer, product, and produc- 
tion and distribution mechanism. After presenting 
five models underlying the software development 
business, we focus our attention on the one that 
has perhaps the most disruptive potential. 


THE BUSINESS MODELS

We distinguish five models of software produc- 
tion or distribution: proprietary, open commu- 
nity, corporate distribution, sponsored OSS, and 
second-generation OSS. Whereas the first two 
constitute the extremes of the closed-open con- 
tinuum, the other three are hybrids of closed and 
open models. 

Proprietary and Open Communities. Propri- 
etary and open communities both have their ori- 
gins in the early days of computing, when some 
people freely exchanged code while others recog- 
nized there were customers for their programs and 
accordingly sold executable versions of their prod- 
ucts while carefully securing the source. 

The proprietary model has dominated the mar- 
ketplace for decades. Firms employ programmers to 
develop software and customers purchase it. The 
code is considered a major intellectual resource, and 
traditional software firms protect their code from 
outside eyes by erecting physical and legal firewalls 
between their code and the outside world. Propri- 
etary firms rely heavily on both copyright law—to 
ensure that “leaked” source code cannot legally be 
used in a competing product—and patent law—to 
protect their intellectual property from duplication. 
While the code is most often sold for license fees, 
proprietary firms can and do distribute their prod- 
ucts as freeware. It is not the price that distinguishes 
proprietary software but rather the public’s inability
to view and modify the source code. 


At the other extreme is the open community model,
which involves the development and support of
software by volunteers with limited or no commercial
interest. This model dominates the OSS
movement in terms of number of projects. Many of
them can be located through large, Internet-based 
project management and source code repositories 
such as SourceForge, which hosts over 170,000 software
projects.¹ While the majority of these projects
involve only one or two developers and have a small 
number of users, many have a vast base of both devel- 
opers and users and have produced products that pro- 
vide unique functionality or offer compelling 
alternatives to commercial products. 

Corporate Distribution. Based on the high level of 
adoption for many OSS products, it seems apparent 
that quality products are being produced through the 
open community model. However, some entrepre- 
neurs recognize that identifying appropriate products, 
interacting with open communities for support, and 
developing the required support skills can be chal- 
lenging for many potential OSS customers. As a 
result, firms, such as RedHat, SpikeSource, and 
OpenOSX, have emerged to create value (and gener- 
ate revenue) by identifying best-of-breed OSS proj- 
ects, improving distribution methods for these 
products, and providing complementary services in 
order to make these OSS products more accessible to 
a broader market. 

Sponsored Open Source. Corporations and foun- 
dations sponsor some OSS projects. For example, the 
Apache Software Foundation fosters the development 
of the Apache server and over 50 other OSS projects. 
Some corporate sponsors directly contribute develop- 
ment resources to OSS projects. IBM is a high-profile 
example of a corporation contributing developers to 
Apache's Web server. In some cases, sponsored OSS 
projects have been initiated by corporations releasing 
previously closed code and encouraging their employ- 
ees to continue to work on the now open project. 
Eclipse, an integrated software development environ- 
ment, was released as OSS by IBM, whose developers 
are still primary contributors to the project. 

1As of late February 2008, SourceForge hosted 170,539 projects.

Second-Generation Open Source. Second-generation
open source (OSSg2)—also known as profes-
sional open source—firms are essentially a hybrid 
between corporate distribution and sponsored OSS. 
As with the corporate-distribution model, OSSg2 
companies typically generate the bulk of their rev- 
enues by providing complementary services around 
their products [3]. Like sponsored projects, OSSg2 
firms provide the majority of the development 
resources required to create and maintain their prod- 
ucts. However, unlike most cor- 
porate-distribution companies, 
OSSg2 firms generally do not 
sell licenses for their products,²
and unlike most sponsored 
projects, OSSg2 firms typically 
own or tightly control the soft- 
ware code and can exploit their 
intimate knowledge of the code 
to provide higher-quality service 
than could potential competing 
service providers. As the leading 
OSSg2 firms (including JBoss,³
MySQL, Trolltech, and Sleepy-
cat⁴) are privately held or have
been acquired, we do not have 
data on their profitability. How- 
ever, based on interviews with 
the CEOs of the four firms mentioned here, it appears 
they are cash-flow positive while growing rapidly. 

We contend that OSSg2 firms have a very promis-
ing business model that could emerge as a dominant 
model for OSS development in the coming years. 
Here, we examine four leading OSSg2 companies, 
highlighting three important benefits of their business 
models. 


EVALUATING THE OSSG2 BUSINESS MODEL

We studied four companies that are among the 
OSSg2 leaders. In order of business longevity, these 
are Trolltech, MySQL, Sleepycat, and JBoss. Three 
important characteristics of the OSSg2 model exhib- 
ited by these firms that lead to specific benefits are: 
accountability (and the benefit of reduced liability 
problems); talent base (and the associated benefits 
for code quality and support); and ecosystem (and 
the associated benefits of trialability and quality 
assurance). These benefits should improve the value 
proposition to customers for OSSg2 products and 
are central to our contention that OSSg2 is a threat
to traditional software firms. To quote Marc Fleury,
former CEO of JBoss: “We (OSSg2 companies) are
proving that professional open source can do it bet-
ter and faster and cheaper than our traditional com-
petitors.” How the OSSg2 model addresses three
specific strategic risks is discussed later in this article.

2As discussed here, some OSSg2 firms offer a proprietary license for organizations not
wishing to comply with the terms of the OSS licensing model.

3JBoss was acquired by RedHat, Inc. in April 2006.

4Sleepycat was acquired by Oracle, Inc. in February 2006.

Pe different business
models are not equal in their capacity to
create value, we must analyze each particular
blend of customer, product, and
production and distribution mechanism.

OSSg2 Leaders. Trolltech was founded in Norway
in 1994 and currently has more than 4,400 cus-
tomers. It manages two software products: Qt, a cross-
platform application development library, and
Qtopia, an application platform built for embedded 
Linux. A second OSSg2 leader, MySQL, was founded 
in Sweden in 1995. In mid-2007, MySQL’s OSS rela-
tional database had 11 million active installations. 
MySQL is an attractive alternative to higher-cost rela- 
tional systems from commercial vendors. A third 
leader is Sleepycat Software, a U.S. company founded 
in 1996. Its flagship product, Berkeley DB, is an OSS- 
developer database that boasts over 200 million 
deployments. Finally, JBoss Inc., a U.S. company 
founded in 2001, provides middleware through its
JEMS (JBoss Enterprise Middleware System) portfo- 
lio of products. Three of these products are currently 
market leaders: JBoss AS (a J2EE-compliant applica- 
tion server), Hibernate (an object-relational mapping 
solution), and Tomcat (a Java Servlet container). 
JBoss’s former CEO, Fleury, who coined and trade- 
marked the “Professional Open Source” label, has 
greatly influenced the OSSg2 business model [6]. 
There are differences among these OSSg2 compa- 
nies. First, Trolltech, MySQL, and Sleepycat are based 
on a dual-license strategy offering both commercial 
and OSS licensing options. Customers may use a 
product without paying a license fee; however, if they 
augment the original source code and do not wish to
release the modifications under an OSS license, they 
must buy a commercial license. Mike Olson, former 
CEO of Sleepycat, acknowledges that the dual licens- 
ing strategy is a “great judo trick for competing with 
proprietary vendors.” JBoss is based on a Lesser Gen- 
eral Public License (LGPL) license and only receives 
revenues from services including software support, 
training, and consulting. A second difference is that, 
whereas Trolltech, MySQL, and Sleepycat own the
source code underlying their products (which allows 
them to offer a dual-licensing scheme), JBoss does not 
own the code of the software 
products it services. Neverthe- 
less, as an OSSg2 firm, it con- 
trols the code more tightly than 
companies based on the other 
OSS business models. For 
example, the extent of its contri- 
bution to its three leading prod- 
ucts is 85% for JBoss AS, 95% 
for Hibernate, and 60% for
Tomcat [4].

OSSg2 Characteristics Improve Customer Value.
Three key traits of OSSg2 firms
provide specific benefits to their 
customers and can thus improve 
their value proposition. 

Accountability. All four 
OSSg2 companies we studied indemnify their paying 
customers from any legal liability associated with their 
products (potential patent or copyright infringe- 
ments). The indemnity provision provides a necessary 
level of security for potential adopters of OSSg2 prod- 
ucts who are still apprehensive about OSS. This 
accountability may do more than just bring OSSg2 
companies to parity with proprietary software ven- 
dors. Sleepycat’s former CEO, Mike Olson, asserts 
the risks of patent infringements and copyright prob- 
lems are lower for an OSSg2 company: “Anyone that 
wants to can look at my software. If there was a claim 
pending, if I had stolen something, it is overwhelm- 
ing likely that it would have been seen by now. [...] 
No proprietary vendor's customer has that degree of 
assurance. If there has been intellectual property mis- 
appropriated in that product, it is a secret and it may 
still be lurking” [7]. 

From Olson’s perspective, OSSg2 companies offer 
greater peace of mind than proprietary firms, because 
patent or copyright infringements should be uncov- 
ered relatively early—reducing the impact the copy- 
right infringements may have on adopting customers’ 
systems. 

Open source programs have
moved beyond the desktops of code hackers
and are now in production in a growing
number of corporate IS departments.

Talent base. Each OSSg2 company retains talented
coders, wherever they are located, to maintain and
support its software products. Indeed, all four OSSg2
leaders insist they recruit from among the world’s best
and most productive programmers, drawing not only
from the immense pool of first-generation OSS con-
tributors, but also from a growing collection of
emerging talent. MySQL and JBoss allow their pro-
grammers to live wherever they wish. In addition,
recruitment is different. Typically, those employed by
OSSg2 companies have an established record of con-
tributing code and identifying bugs as volunteers
prior to their hiring. They have demonstrated their
understanding of the code base and their ability to fit 
within the OSS development culture. This is an 
important competitive advantage because it means 
OSSg2 companies reduce hiring risks without signif- 
icant up-front recruiting and training costs. 
Trolltech’s employees (approximately 230) come 
from more than 20 different countries; they were 
recruited almost exclusively through the OSS com- 
munity. Trolltech has learned that great developers 
want to work with each other. When asked about the 
criteria for hiring, CEO Havaard Nord emphasized 
that what really counts is “code, code, and 
code...merits...formal education is less important.” 
Trolltech’s employees are the company’s most valued 
assets. The founders and the employees—owning 
two-thirds of the shares—control Trolltech. Outside 
investors have majority ownership and control of 
many software companies. Only in rare cases does 
Trolltech get outside contributions for its products. 
When this happens, either the submitting contribu- 
tor is hired (if coding quality and knowledge of the 
product have been demonstrated) or the firm gets 
ownership of the code. As a result, Nord claims Troll- 

THE PROVENANCE OF
ELECTRONIC DATA

It would include details of the processes that
produced electronic data as far back as the beginning
of time or at least the epoch of provenance
awareness.

Provenance is well understood in the study of fine art
where it refers to the documented history of some art
object. Given that documented history, the object
attains an authority that allows scholars to understand
and appreciate its importance and context relative to
other works. Art objects that lack a proven history may be
viewed with skepticism by those who study them.

If the provenance of data produced by computer systems could be 
determined, then users would be able to understand how documents 
had been assembled, how simulation results were determined, and how 
financial analyses were carried out. Computer applications should thus 

midst of increasing standardization of financial prod-
ucts and services, demand can be expected to react 
favorably to innovation designed to anticipate the 
changing needs of customers in technologically diverse 
market segments (such as online asset trading). 


For a quantitative comparison of
efficiency along different strategic
directions in market development,
we follow [1] and calculate marginal rates of
substitution (MRS) from the
empirical results in Table 2.
Assuming that a linear approxi-
mation of the consumer satisfaction function is valid,
we can apply the standard formula estimating
$\mathrm{MRS}_{ij} = b_j/b_i$ to obtain the data in Table 3, determining
in particular $\mathrm{MRS}_{\mathrm{USE},\mathrm{EOU}} = b_{\mathrm{EOU}}/b_{\mathrm{USE}} = 0.138/0.100 = 1.380$
and $\mathrm{MRS}_{\mathrm{USE},\mathrm{REL}} = b_{\mathrm{REL}}/b_{\mathrm{USE}} = 0.146/0.100 = 1.460$.
Should a cost-benefit analysis be required to
establish priorities in market development under the
core framework, these calculations would supply data
for one side of the decision. For example, if the dif-
ference between $\mathrm{MRS}_{\mathrm{USE},\mathrm{EOU}} = 1.380$ and the (given)
relative cost of enhancing service quality in the direc-
tion of USE and EOU is greater than the difference
between $\mathrm{MRS}_{\mathrm{USE},\mathrm{REL}} = 1.460$ and the (given) relative
cost of enhancing quality in the direction of USE and
REL, it would be more efficient for the bank to incre-
mentally expand online services by exploiting the first
opportunity as against the second. (In economic the-
ory, MRS comparisons of this type can be introduced
independently from output price.)


CONCLUSION 

The potential exists for Internet banking to become 
significantly more important in the increasingly tech- 
nology- and information-based global economy. 
Financial institutions must therefore deliver ever-bet- 
ter service quality in their online operations and prod- 
ucts. Given that a large number of service-quality 
attributes can potentially affect consumer attitudes 
toward Internet banking, the theory of bounded ratio- 
nality suggests that the high decision cost entailed in 
the pursuit of service-quality enhancement in each 
and every direction would be reduced if the opportu- 
nity set is rationally made smaller. To this end, we 
have proposed a framework under which service-qual- 
ity attributes are reduced to a core subset on the basis 
of both analytical and empirical considerations. The 
resulting core framework can then be applied to deci- 
sion-cost-effective and empirically prioritized man- 
agement in Internet banking, especially with regard to 
market development. 


Significant analytical and statistical grounds exist to 
justify the introduction of perceived usefulness, ease 
of use, reliability, responsiveness, security, and contin- 
uous improvement into the core subset. The idea of 
empirically testing bounded-rational model construc- 
tion can also be extended to evaluate re-specification 
of the core subset in response to shifts in the business 
and/or technological environment. If bank-user per- 
ceptions and preferences are found to change with 
regard to certain core attributes, empirical results 
obtained in this exercise can be exploited by market- 
ing managers to attract more customers to online 


banking.

[Table residue: attribute labels Security (SEC), Responsiveness (RES), Continuous Improvement (IMP), Consumer Satisfaction toward Internet Banking Services (CSIBS).]

The core framework’s
reduced-form structure
allowed us to exploit the
ordinary least squares in
further data analysis.
Regression with CSIBS as
dependent variable and
USE, EOU, REL, SEC,
RES, and IMP as inde-
pendent variables sug-
gests that, given linear
modeling assumptions, the consumer-satisfaction 
function implied by the present choice of core subset 
is statistically meaningful. In particular, we found that 
R = 0.783, F = 109.867, 
df = (6, 175), p < 0.001, 
and that the regression 
coefficients for all six core 
attributes are statistically 
significant (see Table 2). 
Properties of the con- 
sumer-satisfaction func- 
tion, as hypothesized 
under H1—H6, are there- 
fore supported by the data. 

According to a standard result in statistics, the con- 
stant term in a linear regression equation captures 
autonomous effects on the dependent variable. In the 
present exercise, this can be interpreted as represent- 
ing the empirical influence of service-quality variables 
not included in the core subset, in the sense of parti- 
tioning a universal set of 
quality attributes into a 
subset containing {USE,
EOU, REL, SEC, RES,
IMP} and a complement 
subset of other attributes. 
(Excluded variables hav- 
ing nothing to do with 
service quality would be 
factored into the regres-
sion equation’s error
term.) The fact that the constant term was found to be 
statistically nonsignificant (in Table 2, the coefficient 
$b_{\mathrm{CONST}} = 0.277$, t = 1.323, p = 0.187) indicates that
these “left-out” service-quality attributes do not, even 
in the aggregate, significantly affect consumer satisfac- 
tion with Internet banking. This result, together with 
the fact that we found all six regressors to be statisti- 
cally significant, suggests that the approach employed 
to construct the core framework is justified, both 
empirically and analytically. 

Table 1. Data reliability test. [Columns: Perception-based Attribute; Items Under Likert Scaling; Cronbach α. Attribute names are lost in the scan; surviving rows: 12 items, 0.907; (item count illegible), 0.897; 6, 0.876; 5, 0.815; 4, 0.806.]

Table 3. Estimated marginal rates of substitution.

[Table 2 note: Unstandardized constant coefficient = 0.277, t = 1.323, p = 0.187.]

Since hypotheses H1—H6 are supported by the
data, our core framework can be applied to identify
and evaluate strategies in Internet-banking man-
agement. First consider the fundamental strate-
gic-managerial problem of market development.

Given the positive 
impact of perceived use- 
fulness, it would be possible to enhance consumer sat- 
isfaction and demand by increasing the variety of 
banking and financial services offered over the Inter- 
net. From a micro-level analysis of the survey data, we 
discovered that respondents consider ease of naviga- 
tion particularly impor- 
tant when judging ease of 
use. This finding suggests 
that the upgrading of e- 
banking Web sites should 
be planned with this 
function in mind. Given 
the problems posed by 
counterfeit bank Web 
sites and the resulting 
disincentive effects on 
demand [11], our find- 
ings with regard to secu- 
rity and reliability supply a compelling reason to 
allocate more resources to combat fraudulent banking 
over the Internet. 
The impact of reliability highlights the
importance of satisfying 
customer expectations 


Table 2. Regression results. 

implementation. It is par-
ticularly important for


operations and IT man- 
agers not to forget this 
desideratum in the midst of popular efforts by Internet 
banks to compete by offering rewards and discounts. It 
has been suggested [9] that as customers become more 
accustomed to online transactions, their concern over 
security would ease [9]. If Internet banks consistently 
demonstrated competence and a commitment to 
enhancing information safety and privacy protection, 
both the demand side and supply side of the market 
would benefit. 

Since responsiveness enhances consumer satisfaction 
when transacting online, initiatives by Internet banks 
to increase promptness and attentiveness in e-commu- 
nications should improve demand. Finally, the positive 
impact of continuous improvement suggests that in the 


with six directly testable hypotheses that characterize 
the resulting consumer-satisfaction function in 
terms of empirically meaningful properties. 

We first generalize from the TAM literature and 
propose that service quality in Internet banking and 
resulting consumer satisfaction depend on individual 
perceptions with regard to usefulness and ease of use. 
The empirical importance of these considerations to 
consumer attitudes toward Internet banking was 
investigated and established in [5]. Combining these 
results and applying them to the core framework, we 
obtain the hypotheses: 


H1. Perceived usefulness (USE) is a positive deter- 
minant of CSIBS; and 

H2. Perceived ease of use (EOU) is a positive deter- 
minant of CSIBS. 


Reliability—a basic category in the Servqual proto- 
col—has been found to be an empirically important 
determinant of service quality in many situations 
[12]. In Internet banking, concern over reliability 
would tend to focus on whether information access 
and transaction processes are expected to be opera- 
tionally consistent and accurate. Applying these 
results to the core framework yields the hypothesis: 


H3. Perceived reliability (REL) is a positive deter- 
minant of CSIBS. 


Under Servqual modeling,
security is understood in
physical and financial
terms, as well as in terms
of privacy and the protec-
tion of data against unau-
thorized disclosure,
modification, and destruc-
tion. In particular, privacy enters the analysis in the
sense of individuals and organizations determining for 
themselves when, how, and to what extent personal 
and sensitive data is to be transmitted to others [9]. In 
Internet banking, security has been found to be a mat- 
ter of intense concern, especially with regard to the 
acquisition and dissemination of personal and sensitive 
data. Perceptions regarding this aspect of service qual- 
ity are generally operationalized in the form of trans- 
action security, as represented directly by the safe and 
accurate transfer of funds and payment-credit infor- 
mation and indirectly by transaction risk [5]. These 
observations suggest the hypothesis: 




H4. Perceived security (SEC) is a positive determi- 
nant of CSIBS. 


In Servqual modeling, service responsiveness is 
generally captured in terms of the vendor's ability to 
supply information with minimal time lag, to make
available problem-solving mechanisms, as well as pro- 
vide guarantees when difficulties emerge [12]. As 
applied to e-service quality, responsiveness has been 
operationalized and studied in terms of promptness 
and efficiency [6]. These observations suggest an 
extension of Servqual modeling to the case of Internet 
banking in terms of the hypothesis: 


H5. Perceived responsiveness (RES) is a positive
determinant of CSIBS.


The Servqual idea of continuous improvement was 
proposed to depict service quality in relation to the 
vendor's expected ability to meet changing consumer 
needs and requirements [10]. Such an attribute would 
be fundamental to competitive advantage in business 
areas characterized by rapid technological and institu- 
tional change (such as Internet banking), especially 
with regard to product-service innovation and 
enhancement to increase demand. Applying these 
ideas and results to the core framework suggests the
hypothesis:


H6. Continuous improvement (IMP) is a positive 
determinant of CSIBS. 


METHODOLOGY AND RESULTS 

Our research methodology involved the standard 
areas of questionnaire design, survey implementa- 
tion, and quantitative analysis. Our questionnaire 
was designed to allow Likert-scale measurement of 
the core framework’s perception-based constructs 
and service-quality attributes: consumer satisfaction 
with Internet banking, usefulness, ease of use, relia- 
bility, responsiveness, security, and continuous 
improvement. In 2005, we dispatched 500 question- 
naires to individuals with experience in Internet 
banking in Hong Kong. A research sample of 182 
meaningful replies was obtained. 

We first performed a Cronbach α test to determine
the internal consistency of data obtained from multi-
ple-item measurement of {USE, EOU, REL, RES,
SEC, IMP}. The α values we obtained ranged from
0.796 to 0.907, indicating satisfactory internal consis-
tency with reference to the standard criterion of ≥ 0.7
(see Table 1). Correlation coefficients ranging from 
0.457 to 0.758 indicate the existence of significant 
relationships (at the 0.01 level) among {USE, EOU, 
REL, RES, SEC, IMP} in the data, thereby support- 
ing the combination of such attributes under linear 
modeling of the core framework. 

tions through the Internet. Unlike traditional bank-
ing, these facilities do not provide face-to-face contact 
in what is essentially a one-to-one service relationship 
[5]. For Internet banking to compete effectively 
against traditional brick-and-mortar banking, service 
quality in other directions must be relatively higher. 
Among the challenges to market development in 
Internet banking [4] is the requirement that managers 
and strategists identify, measure, and compare the key 
determinants (such as use- 
fulness, reliability, and 
security) of service quality. 

Given the large number 
of variables that can poten- 
tially affect service quality 
and the high decision costs 
if enhancement is sought 
in each and every dimen- 
sion, the idea of bounded 
rationality suggests that 
the opportunity set should 
be made as small as possi- 
ble, that is, its size should 
be “satisficed” in the sense 
expounded by Simon. To 
this end, we suggest an 
approach under which service-quality attributes are 
reduced to a core subset through analytical consider- 
ations, after which the resulting core framework is 
tested for empirical relevance. We show in terms of 
survey data that all quality attributes entering the 
core subset have a statistically significant effect on 
consumer satisfaction with Internet banking, as 
against quality attributes partitioned outside the core 
subset. 

In the literature, service quality is generally under- 
stood to depend on reliability, security, responsive- 
ness, competency, courtesy, communication, 
credibility, access, empathy, and intangibles [8]. 
Under the Servqual protocol for quantifying service 
quality, determinants are distilled into basic categories 
involving reliability, responsiveness, assurance, empa- 
thy, and intangibles [7]. In studies where the standard 
Technology Acceptance Model (TAM), Servqual, and 
transaction cost analysis are used to measure con- 
sumer attitudes toward B2C e-commerce [3], empir- 
ical significance has been established for the perceived 
usefulness and ease of use under both the TAM and 
the quality dimensions of Servqual. 

[Figure: Schematic of the core framework. Usefulness (USE), Ease of Use (EOU), Reliability (REL), Security (SEC), Responsiveness (RES), and Continuous Improvement (IMP).]

In Internet banking, the TAM and Servqual attrib-
utes that might potentially affect service quality pre-
sent an embarras de richesses. If enhancement is
sought in each and every dimension, then according
to the theory of bounded rationality, such a situation
can actually work against managerial efficiency.
Through similar reasoning, the decision costs arising 
from such a large number of variables are readily 
reduced if the opportunity set is rationally made 
smaller. We therefore propose an approach under 
which, by reference to the research support estab- 
lished in the literature, the TAM and Servqual vari- 
ables potentially affecting consumer satisfaction with 
Internet banking are reduced to a core subset. 
This approach yields a
framework containing
six service-quality attrib-
utes—usefulness (USE),
ease of use (EOU), relia-
bility (REL), security
(SEC), responsiveness
(RES), and continuous
improvement (IMP)—
along with their reduced-
form relationship to
consumer satisfaction in
Internet banking services
(CSIBS) (see the figure
here). Since the consumption or investment decisions
underlying changes to individual cash balances are 
given under the framework’s other-things-being-equal 
conditions, we can defer consideration of the time- 
asymmetry effects that characterize plans imple- 
mented through e-banking, as against plans retracted 
through e-banking [2]. Our core framework is there- 
fore applicable to Internet banking whatever the 
direction of monetary transactions. 

Given the framework’s reduced-form structure, it is 
possible to introduce statistical analysis to test any 
choice of attributes in terms of empirical relevance. If 
a particular core framework is found to be valid on 
empirical, in addition to statistical, grounds, it can be 
applied to support decision-cost-effective and empir- 
ically prioritized management in Internet banking 
(such as in market development). 


STRUCTURAL PROPERTIES 

Under the bounded-rationality approach, whether a 
given service-quality attribute enters our framework 
is first determined by the general research support it 
enjoys in the literature and the extent to which it is 
applicable to Internet banking. We then subject any 
choice of the core subset to tests for empirical valid- 
ity. In particular, we draw attention to concepts 
introduced under the fundamental TAM and 
Servqual paradigms and apply them to service-qual- 
ity assessment and consumer satisfaction with Inter- 
net banking. We then obtain a core framework 
containing six perception-based constructs, together 


CONSUMER SATISFACTION
IN INTERNET BANKING:
A CORE FRAMEWORK

What service-quality
attributes must Internet banks offer to induce consumers to switch to
online transactions and keep using them?

We apply Herbert Simon’s seminal idea of
bounded rationality to construct a frame-
work for measuring consumer satisfaction
with Internet banking in terms of a core
subset of attributes. This construction facili-
tates decision-cost-effective thinking and
applications on the part of the e-bank’s opera-
tions and IT managers to enhance customer ser-
vice quality and boost market share in this
expanding but increasingly competitive business
area. Strong analytical and empirical grounds are
offered to support such an approach. The manager-
ial implication follows that when planning to expand or
contract Internet operations, e-banks must first focus on
attributes in the core subset, along with their benefits and
costs.

An increasing number of banks worldwide offer facilities
that allow customers to access accounts and execute transac-

fying the demand, efficiency, and innovation risks
that traditional software organizations face and is 
driving a period of creative destruction that has the 
potential to permanently alter the competitive land- 
scape within the software industry. OSSg2 firms 
offer a significant customer value proposition and 
have effective strategies that should aid their 
prospects for long-term survivability. However, dur- 
ing this period of creative destruction, we also rec- 
ognize that the market is constantly changing, 
traditional firms are experimenting with adjust- 
ments to their strategies to address the stresses that 
OSSg2 is placing on their business models, and new 
models are emerging that will blur the lines between 
the categories we have outlined in this article. This 
makes the business of open source both extremely 
fascinating and highly consequential. 
tech’s customer base is “extremely happy with the
code,” thanks to the company’s careful approach to 
recruiting and retaining its high-skill employee base. 
Fleury insists that employees are JBoss's greatest asset 
as well: “I treat my elite developers like royalty. I over- 
pay them. I cover my lead developers in stock. Many 
of them walk around with an executive package, 
which is rarely the case, if ever, in traditional software 
companies.” 


This focus on hiring the best
programmers results in a 
quality of code that is at 
least commensurate with 
that of proprietary develop- 
ment while maintaining the 
benefit of “mass innovation” 
[4] shared by all OSS prod- 
ucts. Similarly, the support and education offered by 
OSSg2 companies meet industry expectations because 
of the quality of the personnel. 

Ecosystem. There is an encompassing ecosystem 
that evolves around OSSg2 companies that typically 
includes all the entities that gain from the OSSg2 
companies’ presence in the market (support services, 
authors, educators, publishers, partners, user commu- 
nities, and so forth). This translates into multiple Web 
sites, email lists, newsgroups, conferences, and pub- 
lished materials providing up-to-date information 
about OSSg2 products and their applications. OSSg2 
companies typically benefit greatly from their ecosys- 
tem without much strain on their resources. Marten 
Mickos, CEO of MySQL, emphasizes that MySQL 
tries, with minimum involvement, to make its ecosys- 
tem thrive: “We try to be open about our intentions 
so it’s easy for others to plan their business and their 
life around us. We try to move the obstacles of getting 
our product, distributing our product, using our 
product. [...] We just make sure the friction is as low 
as possible.” 

Potential OSSg2 customers can download and test 
a complete software product extensively before mak- 
ing an adoption decision. Because the ecosystem pro- 
vides an effective pre-sales support apparatus, 
potential customers receive a significant advantage in 
the form of trialability that is limited neither in time 
nor functionality. 

The ecosystem can also provide for an efficient, external quality-assurance mechanism above and beyond what may be carried out in-house, as Mickos points out: “When we release a new version, within 24 hours 35,000 people have downloaded and tested it. That’s fantastic. Not even Microsoft has 35,000 QA engineers. [...] Just based on statistics, we know that there are enough people out there who certainly test all relevant features, without our specific instruction” [7]. 

The OSSg2 model thus has a significant advantage 
in leveraging an important ecosystem that is willing to 
work on its behalf. 

How OSSg2 Addresses Risks. OSSg2 has an 
adroit answer to dealing with the major risks facing all 
software firms. Every firm faces three strategic risks: 
demand, efficiency, and innovation [2]. 

Demand risk and pricing strategy. Wal-Mart and 
Dell have altered the structure of the retailing and 
computer industries through their low-cost strategies. 
Similarly, OSSg2 firms push the cost of software 
acquisition to the lower limit. Assuming requirements 
are met by an OSSg2 product, cost-driven IS depart- 
ments will be attracted by zero acquisition costs. 
Extensive trialability, discussed earlier, also contributes 
to mitigate demand risk. For OSSg2 firms, as with 
both Wal-Mart and Dell, revenue losses from low-cost 
strategies are largely offset by increased operational 
efficiencies. 

Efficiency risk and the Internet. OSSg2 firms gain 
from efficiencies associated with their Internet-based 
infrastructures. Many employees work remotely, soft- 
ware is downloaded rather than packaged and distrib- 
uted physically, and high trialability obviates many 
traditional marketing costs. Consequently, OSSg2 
firms tend to have a lower cost structure than tradi- 
tional firms and thus enjoy efficiency differentials over 
proprietary software competitors. 

Innovation risk and open source. When code is open, 
many coders can inspect it, and faults often will be 
detected more rapidly than when only a handful 
review it. Furthermore, those who can see the code 
can suggest improvements and submit code changes. 
As with all OSS communities, the developers and sup- 
porting community members for OSSg2 projects are 
drawn from all areas of the world, an immense talent 
pool from which OSSg2 community members can be 
recruited on the basis of talent and contribution, 
unfettered by physical location. This ready supply of 
programmers ensures innovative ideas can be con- 
tributed to the OSSg2 community from both tradi- 
tional sources and sources previously untapped by 
traditional software firms. This phenomenon directly 
attacks innovation risk. 


CONCLUSION 

The open source movement is challenging the status 
quo in the software marketplace. Open source pro- 
grams have moved beyond the desktops of code 
hackers and are now in production in a growing 
number of corporate IS departments. OSS is ampli- 

Electronic data does not typically contain the historical information that would help end users, reviewers, or regulators make the necessary verifications. 


be transformed, making them provenance-aware, so the data's provenance may be retrieved, analyzed, and reasoned over. 

The Oxford English Dictionary defines provenance as: “(i) the fact of coming from some particular source or quarter; origin, derivation; (ii) the history or pedigree of a work of art, manuscript, rare book, etc.; concretely, a record of the ultimate derivation and passage of an item through its various owners.” Hence, we can regard provenance as the derivation from a particular source to a specific state of an item. The description of such a derivation may take different forms or emphasize different properties according to a user's personal interest. For instance, for a work of art, provenance usually identifies its chain of ownership; alternatively, the actual state of a painting may be understood better by studying the various restorations it has endured. 

The dictionary definition also identifies two distinct ways to view provenance: the source (or derivation) of an object and the record of the derivation. A computer-based representation of provenance is crucial for users who want to analyze, reason, and decide whether or not they trust electronic data. 

Here, we introduce the provenance life 

[Figure 1 labels: Provenance Store; Administer store and its contents; Query and reason over provenance of data] 

We illustrate the vision of provenance-aware applications through a concrete example in health-care management, contrasting it with existing systems. 

The scientific and business communities [6] both embrace a service-oriented architecture (SOA) that allows the dynamic 
discovery and composition 
of services. SOA-based 
applications are increas- 
ingly dynamic and open 
but must satisfy new requirements in both e-science and 
business. In an ideal world, e-science end users would 
be able to reproduce their results by replaying previ- 
ous computations, understand why two seemingly 
identical runs with the same inputs produce different 
results, and determine which data sets, algorithms, or 
services were involved in their derivation. 

In e-science and business, some users, reviewers, 
auditors, and even regulators must verify that the 
process that led to some result complies with specific 
regulations or methodologies; further, they must 
prove the results were derived independently from 
services or databases with given license restrictions; 
and they must also establish that the data was cap- 
tured at the source by instruments with some precise 
technical characteristics. 

While some users must perform such tasks today, 

Figure 1. Provenance life cycle. 

there is a need to capture extra information, or process documentation, describing what actually occurred at execution time. Process documentation is to electronic data what a record of ownership is to a work of art. Provenance-aware applications create process documentation and store it in a provenance store offering long-term persistent, secure storage of process documentation (see Figure 1). This role accommodates a variety of physical deployments; for instance, a provenance store can be a single, autonomous service or (to be more scalable) a federation of distributed stores. 

When process documentation is recorded, the provenance of data results can be retrieved by querying the provenance store and analyzed to suit the user's needs. The provenance store and its contents might also need to be managed, maintained, or curated. 


OPEN MODEL FOR PROCESS DOCUMENTATION 

Process documentation for many applications cannot be produced in a single, atomic burst but must be interleaved 

assertion—as an assertion made by an individual application service involved in the process. Thus, the documentation of a process consists of a set of p-assertions made by the services involved in the process. 

In order to minimize its effect on application performance, documentation must be structured so it can be constructed and recorded autonomously by services on a piecemeal basis. Otherwise, should synchronization be required among these services to agree on how and where to document execution, application performance might suffer dramatically. To satisfy this design requirement, we've identified various kinds of p-assertions we expect applications to adopt in order to document their execution. Figure 2 outlines a computational service sending and receiving messages and creating p-assertions that describe its involvement in such activity. 

Figure 2. Categories of p-assertions made by a computational service. 
[Figure 2 labels: Interaction p-assertions: "I received M1, M4"; "I sent M2, M3". Relationship p-assertions: "M3 = f1(M1)"; "M2 = f2(M1, M4)"; "M2 is in reply to M1". Service state p-assertions: "I received M1 at time t"; "I used algorithm x.y.z"] 

In SOAs, interactions consist of messages exchanged between services. By capturing all interactions, one can analyze an execution and verify its validity or compare it with other executions. Therefore, process documentation includes interaction p-assertions, or descriptions of the contents of a message by a service that has sent or received it. 

Whether a service returns a result directly or calls other services, the relationship between its outputs and inputs is not generally explicitly represented in the messages themselves but is understood through analysis of the service’s business logic. To promote openness and generality, we make no assumptions about the technology (such as source code and workflow language) used by services to implement their business logic. Rather, we require services to provide information in the form of relationship p-assertions, or descriptions asserted by a service as to how it obtained output data sent in an interaction by applying some function or algorithm to input data from other interactions. (In Figure 2, output message M3 was obtained by applying function f1 to input M1.) 

Figure 3. Provenance directed acyclic graph of a donation decision. 

With the two kinds of p-assertions—interaction 
and relationship—process documentation as a whole 
is greater than the sum of its individual parts. Indeed, 
while p-assertions are simple pieces of documentation 
produced by services autonomously, interaction and 
relationship p-assertions together capture an explicit 
description of the flow of data in a process. Interac- 
tion p-assertions denote data flows between services, 
whereas relationship p-assertions denote data flows 
within services. These flows capture the causal and 
functional data dependencies in execution and, in the 
most general case, constitute a directed acyclic graph 
(DAG) (see Figure 3). For a specific data item, the 
data-flow DAG indicates how it is produced and used 
and is thus a core element of provenance representa- 
tion, though not the only one. 


Beyond the flow of data in a process, internal service states may be needed to understand nonfunctional characteristics of execution (such as the performance or accuracy of services) and therefore the nature of the results they compute. Hence, a service-state p-assertion is documentation provided by a service about its internal state in the context of a specific interaction. Service-state p-assertions are varied; they may include the amount of disk and CPU time used by a service in a computation, the local time when an action occurred, the floating-point precision of the results it produced, or application-specific state descriptions. 

In order for provenance-aware applications to be interoperable, it is critical that the process documentation they respectively produce be structured according to a shared data model. Therefore, the novelty of our approach is the openness of the proposed model of documentation [7] conceived as independent of application technologies [8]. These characteristics together allow process documentation to be produced autonomously by application services and expressed in an open format over which provenance queries may be expressed. 


QUERYING THE PROVENANCE OF ELECTRONIC DATA 
Provenance queries are user-tailored queries over 
process documentation aimed at obtaining the 
provenance of electronic data. In this context, the 
data item of interest to the user must first be char- 
acterized. Indeed, since data is mutable, its 
provenance, or history, can vary according to the 
point in execution from which a user wishes to find 
it. A provenance query must be able to identify a 
data item with respect to a given documented event 
(such as sending or receiving a message). 

The full detail of everything that ultimately caused 
a data item to be what it is could be quite large; for 
example, the full provenance of an experiment’s 
results almost always includes a description of the 
process that produced the materials in the experi- 
ment, along with the provenance of any materials 
used in producing these materials and the devices and 
software (and their settings) used in the experiment. 
Should documentation be available, the full prove- 
nance would ultimately include details of processes 
leading back to the beginning of time or at least to the 
epoch of provenance awareness. 

Users must be able to express the scope of their interest in a process through a provenance query, essentially performing a reverse graph traversal over the data flow DAG and terminating according to the query-specified scope; the query output is a DAG subset. Scoping can be based on types of relationships, intermediary results, services, or subprocesses [7]. 


IN HEALTH CARE MANAGEMENT 

To illustrate our approach, we explore a health care 
management application. The Organ Transplant 
Management (OTM) system under development by 
the Catalan Transplant Organization, Catalonia, 
Spain, manages all the activities pertaining to organ 
transplants across multiple Catalan hospitals and 
their regulatory authority, the government of Cat- 
alonia, Spain [1]. OTM consists of a complex 
process involving the surgery itself, along with such 
activities as data collection and patient organ analy- 
sis that must comply with a set of regulatory rules. 
OTM is supported by an IT infrastructure that 
maintains records that allow medical personnel to 
view (and edit) a given patient's local file within a 
given institution or laboratory. However, the system 
does not yet connect records or capture the depen- 
dencies among them or allow external auditors or 
patients’ families to analyze or understand how deci- 
sions are made. 


By making OTM provenance-aware, powerful queries impossible without provenance-awareness functionality can now be supported (such as find all doctors involved in a decision, find all blood-test results involved in a donation decision, and find all data that led to a decision). Such functionality can be made available not only to the medical profession but also to regulators and families. 

Here, we limit ourselves to a simplified subset of 
the OTM workflow—the process leading to the deci- 
sion of whether or not to donate an organ. As a hos- 
pitalized patient’s health declines and in anticipation 
of a potential organ donation, an attending doctor 
requests the full health record for the patient and 
sends a blood sample for analysis. Through a context- 
sensitive menu-driven user interface (UI), the attend- 
ing doctor submits the requests that are then passed to 
a software component (the donor data collector) 
responsible for collecting all expected results. If brain 
death is observed and logged into the system and if all 
requested data and analysis results are obtained, the 
system asks the doctor to decide about the donation 
of an organ. The decision, or the outcome of the doc- 
tor’s medical judgment based on the collected data, is 
explained in a report submitted by the doctor as the 
decision’s justification. 

Figure 3 (top) outlines the components involved in 
this scenario and their interactions. The UI sends 
requests (I1, I2, I3) to the donor data collector service, 
which gets data from the patient records database (I4, 
I5), along with analysis results from the laboratory 
(I6, I7), and finally requests a decision (I8, I9). 

To make OTM provenance-aware, designers are 
augmenting OTM with the ability to produce an 
explicit representation of the process taking place, 
including p-assertions for all interactions (I1-I9), rela- 
tionship p-assertions capturing dependencies between 
data items, and state p-assertions. Figure 3 (bottom) 
outlines the DAG representing a donation decision’s 
provenance, which consists of relationship p-asser- 
tions produced by provenance-aware OTM. DAG 
nodes denote data items, whereas DAG edges (in 
blue) represent relationships (such as data dependen- 
cies, like “is based on” and “is justified by,” and causal 
relationships, like “in response to” and “is caused by”). 
Each data item is annotated by the interaction in 
which it occurs. Further, the UI asserts a service-state 
p-assertion for each of its interactions about the users 
logged into the system. 

Authorized users can then issue provenance queries 
that navigate the provenance graph, pruning it 
according to the querier’s needs; for example, from the 
graph, we can derive that users X and Y are both caus- 
ing a donation decision to be reached. Figure 3 
includes only a limited number of components, but in 
real-life examples involving vast amounts of docu- 
mentation, users—doctors, patients, or regulatory 
authorities—benefit from a powerful and accurate 
provenance-query facility. 
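
The scoped provenance query described above, sketched as an added example that is not code from the article or from the OTM project. The item names, the edge list, and the assignment of users X and Y to interactions are constructed for illustration; the relation names and interaction ids I1-I9 follow the text.

```python
"""Scoped provenance query over relationship p-assertions (constructed data)."""
from collections import defaultdict

# Constructed relationship p-assertions: (effect, relation, cause).
# Item names are hypothetical; relation names and interaction ids
# follow the article's description of Figure 3.
RELATIONSHIPS = [
    ("record_query",     "is caused by",    "record_request"),
    ("health_record",    "in response to",  "record_query"),
    ("lab_order",        "is caused by",    "blood_test_request"),
    ("blood_results",    "in response to",  "lab_order"),
    ("decision_request", "is caused by",    "health_record"),
    ("decision_request", "is caused by",    "blood_results"),
    ("decision_request", "is caused by",    "brain_death_notice"),
    ("decision",         "in response to",  "decision_request"),
    ("decision",         "is based on",     "health_record"),
    ("decision",         "is based on",     "blood_results"),
    ("decision",         "is justified by", "decision_report"),
]

# Each data item is annotated with the interaction in which it occurs.
INTERACTION_OF = {
    "record_request": "I1", "blood_test_request": "I2",
    "brain_death_notice": "I3", "record_query": "I4",
    "health_record": "I5", "lab_order": "I6", "blood_results": "I7",
    "decision_request": "I8", "decision": "I9", "decision_report": "I9",
}

# Service-state p-assertions made by the UI: logged-in user per interaction.
LOGGED_IN = {"I1": "X", "I2": "X", "I3": "Y", "I8": "Y", "I9": "Y"}


def build_index(assertions):
    """Map each effect to its (relation, cause) edges; reject cyclic input."""
    causes = defaultdict(list)
    for effect, relation, cause in assertions:
        causes[effect].append((relation, cause))
    # Depth-first search: reaching a node that is still "open" means the
    # assertions contradict causality and cannot form a data-flow DAG.
    state = {}

    def visit(node):
        state[node] = "open"
        for _, cause in causes.get(node, ()):
            if state.get(cause) == "open":
                raise ValueError(f"cycle through {cause!r}")
            if cause not in state:
                visit(cause)
        state[node] = "done"

    for node in list(causes):
        if node not in state:
            visit(node)
    return causes


def provenance_query(causes, item, relations=None, stop_at=frozenset()):
    """Reverse traversal from item; returns the DAG subset as a set of edges.

    relations limits the relationship types followed; items in stop_at are
    included in the result but not expanded further (scope boundary).
    """
    edges, seen, stack = set(), {item}, [item]
    while stack:
        effect = stack.pop()
        if effect in stop_at:
            continue
        for relation, cause in causes.get(effect, ()):
            if relations is not None and relation not in relations:
                continue
            edges.add((effect, relation, cause))
            if cause not in seen:
                seen.add(cause)
                stack.append(cause)
    return edges


def items_in(edges, start):
    """All data items that appear in a query result, including the start."""
    nodes = {start}
    for effect, _, cause in edges:
        nodes.update((effect, cause))
    return nodes


def users_involved(edges, start):
    """Users asserted as logged in for any interaction in the result."""
    return {LOGGED_IN[INTERACTION_OF[n]] for n in items_in(edges, start)
            if INTERACTION_OF.get(n) in LOGGED_IN}


if __name__ == "__main__":
    index = build_index(RELATIONSHIPS)
    scoped = provenance_query(index, "decision", relations={"is based on"})
    print(sorted(items_in(scoped, "decision")))
    full = provenance_query(index, "decision")
    print(sorted(users_involved(full, "decision")))
```

Narrowing the scope changes the answer an auditor gets: the unscoped query attributes the decision to both X and Y, while a query cut off at the collected data items sees only Y.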


EXISTING SYSTEMS 

The approach we've explored here is derived from an 
extensive requirement analysis [8] that resulted in a 
complete architectural specification [7] used as the 
basis for writing an open specification of data mod- 
els and interfaces. The open approach allows the 
documentation of complex distributed applications, 
possibly involving multiple technologies (such as 
Web services, command-line executables, and 
monolithic executables). It also allows the expression 
of complex provenance queries to identify data and 
scoping processes independent of the technologies 
being used. 

The Virtual Data System [4] and myGrid [10] are 
execution environments for scientific workflows that 
provide support for provenance. They focus on pro- 
ducing documentation from a workflow enactor's 
viewpoint using data models compatible with p-asser- 
tions. They assume their respective workflow lan- 
guage, allowing them to obtain compact process doc- 
umentation. By adopting an open data model for 
process documentation, like the one we've advocated 
here, such systems could be integrated into heteroge- 
neous applications that seamlessly execute provenance 
queries. 

The database community has also investigated 
provenance [2, 5] but adopted different assumptions; 
for instance, it assumes the existence of a query lan- 
guage for which queries may be reversed to identify 
the origin of results. As in our approach, different 
kinds of provenance (such as why and where [2]) are 
viewed as being of value as specific instances of prove- 
nance queries. 

The Provenance Aware Storage System developed 
at Harvard University [9] is designed to automatically 
produce documentation of execution by capturing 
file system events in an operating system. Like all 
other approaches, capturing small-grain documenta- 
tion involves scalability and performance challenges, 
so deriving information at a suitable level of abstrac- 
tion for the user is often difficult. 


CONCLUSION 

The IT landscape, which once exclusively involved 
closed monolithic applications, today involves appli- 
cations that are open and composed dynamically 
while being able to discover results and services on 
the fly. Users must know whether they have confi- 
dence in their applications’ electronic data; it must 
therefore be accompanied by its provenance that 
describes the process that led to its production. 

To achieve this vision, we've proposed an open 
approach through which applications, irrespective of 
technology, document their execution in an open data 
model that can then be used to run provenance 
queries tailored to user needs. In the same way schol- 
ars can appreciate works of art by studying their doc- 
umented history, users would be able to gain 
confidence in electronic data thanks to provenance queries. 


DESIGNING A LEARNING MANAGEMENT SYSTEM TO SUPPORT INSTRUCTION 

The goal of an LMS, devised by a growing number of universities, is to offer faculty instructional support. The actual use of these programs, however, suggests that support is elusive. An experience at National Taiwan University illustrates how a university can increase faculty usage through better LMS design. 

As educational technology becomes more prevalent in higher education, teaching is no longer restricted to face-to-face (F2F) instruction. For university courses, the combination of e-learning and F2F teaching increases accessibility, flexibility, and choices for interactivity [10]. This leap in instructional productivity can be accomplished with a Learning Management System (LMS), which is often used as the platform to support e-learning and hybrid online F2F courses. Traditional instructional activities such as presenting information, managing course materials, and collecting and evaluating student work can be completed online using an LMS. Recently, a growing number of universities have employed LMSs to support their courses [9]. Some universities have even developed their own LMS to better integrate with their existing instructional resources or just to cut costs. 

Many LMS products are commercially available, such as Blackboard (www.blackboard.com), Desire2Learn (www.desire2learn.com/), ANGEL LMS (www.angellearning.com/products/LMS/default.html), and Intralearn™ LMS (www.intralearn.com/Products/intralearn.aspx). Sometimes the terms “Course Management Systems” (CMS) or “Learning Content Management Systems” (LCMS) are used to indicate similar systems. 

An LMS provides an array of tools and functions to support teaching and learning, usually including course management tools, online group chat and discussion, homework collections and grading, and course evaluation. Some LMS features are more technically sophisticated, such as holding virtual office hours, reminding students about the deadlines, and dividing students into groups for online projects [12]. Other programs can separately archive content for use in multiple courses. Some programs allow teachers to create ePortfolios to collect and store students’ journals, projects, and tests [3]. As more LMS products are developed, new technically sophisticated functions are created. 

The variety of functions and fea- 
tures of LMS should provide more 
choices and increase the use of the sys- 
tem. Studies about the actual use of 
LMS programs reveal that some func- 
tions are used more often than others 
[1, 7, 11]. Woods, Baker, and Hopper 
conducted a survey of 862 faculty 
members at 38 institutions who used 
the Blackboard Learning Manage- 
ment System. They found that few 
faculty members used LMS functions 
to assess students or to promote com- 
munity [11]. Most faculty used 
instructional functions, such as pub- 
lishing syllabi, sending email, and 
providing readings. The communica- 
tive and interactive features were 
largely unused. In Grant’s qualitative 
study, some faculty members relied on Blackboard 
CourseInfo to post scanned material in the absence of 
the copying services [7]. 

The results of actual LMS use at universities suggest 
it is important to examine the teaching needs of the 
faculty before designing such a system. If the functions 
and features do not suit faculty needs, or the technical 
complexity is too difficult, the use of such functions 
and features is limited. Before investing time and 
money to develop technically advanced tools, it is nec- 
essary to investigate the needs of the faculty. 

What makes an LMS popular among a faculty? 
Can faculty members with little technical computing 
knowledge become proficient at using an LMS sys- 
tem? The LMS development experience at National 
Taiwan University (NTU) presents an instructive case 
that answers these questions. 


Figure 1. A sample English CEIBA page from a biology course. 


DESIGN AND DEVELOPMENT OF THE NTU LMS 

A team at NTU’s Computer and Information Networking Center designed and developed its own LMS in 1995 and called it the CEIBA system (https://ceiba.ntu.edu.tw/). The main CEIBA interface is in Chinese. An English interface is available and English content construction is possible for faculty who wish to use it, especially for those who offer international courses (see Figure 1). Initially, it was created as a system for faculty to place course supplements online. In 2001, an educational technology support team was formed to redesign the CEIBA system as an instructional management system. The total number of courses using CEIBA has grown from 100 in 1999 to 2,300 in 2005, and then reached 4,100 in 2007. This number does not include graduate seminars, physical education, or service courses that may also use CEIBA. The total number of faculty members who placed courses online also has grown from 60 in 1999 to 1,246 in 2007. 

CEIBA (version 4) was redesigned to focus on the teaching aspects of using an LMS. User support was increased to help faculty members overcome the technological barriers of using an LMS. 

Figure 2. NTU professors using CEIBA between 2000 and 2007 by college. [Axes: Numbers of Professors; Colleges] 

Instructive design. CEIBA teaches users about instructional design. The system was based on instructional design traditions in educational technology from scholars such as Gagné, Briggs, and Wager [6]. While providing tools for online instruction, the LMS informs faculty members about instructional design steps such as setting goals, making the structure explicit, encouraging interaction, and including evaluation. In addition, CEIBA enhances faculty knowledge about the courses and students. The LMS assists professors with the following functions: 

* Course syllabus. To build a CEIBA course Web site, a faculty member goes into a course introduction page, where there are course titles, course objectives, course evaluation, and grade assignment. These choices force the faculty member to lay out the information about the course before the course starts. 

* Course schedule. After completing the course introduction page, faculty members advance to a weekly outline page. They type in the first date, and the rest of the 17 weeks of weekly class sessions appear automatically. A professor can enter the weekly topics and go into the weekly course pages that are linked automatically to the topics. 

* Class roster. CEIBA connects to the registrar's office and retrieves information from the student records. The faculty automatically receives updated student records data throughout the term. Professors can print out the class list, and can send email to individuals, small groups, or the entire class. 

* Student homework. CEIBA allows students to submit homework online to professors. The LMS has an option to allow sharing documents with other students. With this feature, students can show homework with a professor’s comments to other students. 

Inclusive design. CEIBA accommodates both novices and experts. The LMS has features that allow experts to quickly bypass step-by-step pages designed for novices. CEIBA was designed to prevent experts from getting frustrated by features for novices, while shielding novices from the complexity of technical systems of advanced functions. The LMS offers the following: 

* Course creation. Professors are given three ways to create a course. Faculty members can link to their own course Web sites, import course outlines or the entire course from previous CEIBA courses, and create new courses. 

* Content editing. An online Web page editor is available. Although the functions of the editor are simple, the editor provides tools for novices to manipulate text, typefaces, bullets, hyperlinks, and graphics. 

* Student grouping. CEIBA allows a class to be divided into groups. It also allows two classes to be combined to use the same interface, mainly for professors who have two or more sessions of the same class. 

* Interactive activities. CEIBA has a course resource sharing board, an announcement board, a discussion board, and a voting board, to which the teacher can post announcements and questions. 

COMMUNICATIONS OF THE ACM April 2008/Vol. 51, No. 4 61 




Support personnel. A team of instructional specialists supports faculty members using CEIBA. The support team conducts general workshops on how to use CEIBA, as well as specialty workshops on how to use Web editors, graphic editors, and video editors. The support team answers questions submitted by email and through Web forms. The support team also provides help for individual professors who come to the office in person. For faculty members who are interested in developing multimedia material, but who do not have the equipment, software, or expertise, the support team works with them in a dedicated multimedia studio. For large introductory courses, such as Chemistry 101 and Physics 101, the support team worked with the departments to develop professional-quality videos of their lab procedures. 

Combining instructive design, inclusive design, 
and support personnel has made a big difference. 
After the organizational and system function changes 
were made, the results were noticeable. A growing 
number of professors started using CEIBA. A survey 
was conducted in June 2007 to determine CEIBA 
usage. Questionnaires were distributed at the end of 
the spring semester, and 182 out of 620 professors 
who used CEIBA during that semester responded. 


[Table: usage of CEIBA interactive functions. Columns: Functions, Category. Functions listed under the Interaction category: Discussion board, Homework assignment, Resource sharing, Grouping students, Homework sharing, Chat rooms, Voting.]

RESULTS OF THE CEIBA USER ANALYSIS

Professor participation. One of the barriers limiting LMS use at universities is the fear of technology. Professors in the arts and humanities often feel they do not possess the ability nor have the time to learn to build Web-based course material. With the redesign of LMS and the assistance provided by the support team, CEIBA usage increased greatly among the faculty without science and engineering backgrounds. Figure 2 presents the total number of professors using CEIBA between 2000 and 2007. The College of Arts and Humanities recorded the highest number of faculty using CEIBA, surpassing the number of users from the engineering department. The results suggested that arts and humanities professors are no less interested or capable of building online resources for their courses than their engineering counterparts.

Teaching methods. In terms of overall satisfaction, 
most of the professors ranked the richness and flexi- 
bility of CEIBA functions well above average. Over 
95% of respondents felt that CEIBA was equipped 
with instructional and management functions that 
serve the user needs. Over 85% felt CEIBA was easy 
to use, had clear guides, and the support team was 
helpful and quick to solve problems. In terms of the 
impact of using CEIBA, about 90% of the professors 
felt their courses were more complete and structured 
after using CEIBA. Indeed, 80% of professors 
responded that the contents of their courses were 
enriched by using CEIBA, and their students’ learn- 
ing results have been improved. 

Many professors indicated their instructional strategies and teaching styles had changed. About 80% of professors felt that their interaction with students had increased, and their teaching styles had become livelier. About 75% of the professors responded that their knowledge about media had increased, and 60% stated that their skills in Web page construction had increased as well. Over 95% of professors predicted they will continue to use CEIBA in the future. Of the 620 professors who used CEIBA in spring 2007, about 16% were new users of CEIBA, about 55% had one to three years of experience, about 22% had four to six years of experience, and only 6% had over six years of experience.

Survey results of CEIBA at NTU in spring 2007.

Function avoidance. Many of the CEIBA functions 
are designed to increase student interaction with pro- 
fessors and other students. The table on the preceding 
page lists the frequency of the usage of interactive 
functions. Many professors reported that they did not 
use interactive functions. The results showed the 
functions that provide information about the course 
were used by over 90% of the professors who partici- 
pated in the survey. About 85% to 90% of the 
responding professors used group email and 
announcement boards to disseminate information. 
On the other hand, functions that encourage interac- 
tion and sharing were not used as often. About 65% 
of professors never used chat rooms, homework shar- 
ing, or voting functions. 


CONCLUSION 

As the case of the NTU illustrates, it is possible to 
increase LMS usage by professors from all disci- 
plines. The survey results confirmed previous studies 
that showed the most frequently used functions are 
not necessarily the technically advanced ones [1, 7, 
11]. Rather, the functions critical to providing 
course information for faculty and students are used 
the most. As Laurillard indicated [8], university 
courses are still dominated by lecturing or informa- 
tion giving. However, instructive design, inclusive 
design, and personnel support for systems like 
CEIBA can increase users among both faculty and 
students. 

More recent development of LMS also tends to focus on more diverse design and personalized services [4, 5]. Given the positive response from the NTU professors, one can see that it is possible to design an LMS to meet the needs of faculty members without extensive computer skills. CEIBA attracted a large number of professors from arts and humanities, and was widely used across departments and colleges at NTU.

Teaching is a complicated process. Instructional support requires software designers to consider a fuller scope of instructional process. As Boyd pointed out [2], interaction and thus the cultivation of community is crucial in sustaining and expanding a professor’s academic life. As much as interaction is essential in F2F instruction, it should be carefully fostered in Web-based instruction. Therefore, building interaction in class would require a lot more work than incorporating interaction tools in a system. An instructionally supportive LMS must build on the faculty's understanding and knowledge of instruction.
INFORMATION SECURITY AND RISK MANAGEMENT

Use the new PCR risk metric to find ways to enhance security, avoiding one-dimensional metrics like ALE that could risk an organization's survivability.
By LAWRENCE D. BODIN, LAWRENCE A. GORDON, and MARTIN P. LOEB

The economic framework explored in [3, 6, 7] is useful for evaluating information security activities. A key concept in this framework is the notion of risk management. Even though organizations try to avoid any breach of information security, they cannot make all their information 100% secure all the time. Thus, managing the risk associated with potential breaches is an integral part of resource-allocation decisions associated with information-security activities.¹ To make such decisions, the chief information security officer (CISO) needs to first be clear as to what is meant by risk.

Risk involves multiple dimensions and meanings within the context of information security. Here, we discuss three measures that capture various aspects of information security risk and propose a methodology that allows decision makers to combine them into a single composite metric—the perceived composite risk, or PCR.

We recommend using the Analytic Hierarchy Process (AHP) [8] to determine the weighting factors needed to combine risk measures into the PCR. We offer an example of how decision makers can use the PCR to evaluate proposals for enhancing an organization's information-security system. Here, we build on the AHP analysis in [1] for assisting CISOs in ranking proposals intended to enhance their organizations’ information security systems.²

Three measures that capture commonly considered facets of risk are the expected loss, expected severe loss, and standard deviation of the loss.

The expected loss is calculated by adding together the product of each loss with its respective probability.³ The expected loss is conceptually equivalent to the popular Annual Loss Expectancy (ALE) measure (see, for example, [3]). Based on this measure, the larger the expected loss, the larger would be the risk associated with a breach of information security.

The expected severe loss focuses on the breaches that would put the survivability of the organization at risk. In order to calculate the expected severe loss, the decision maker (such as a CISO) first specifies the magnitude of a loss that, were it to occur, would threaten the organization’s survivability. The expected severe loss is calculated by adding together the product of each loss that is greater than or equal to the specified threshold loss with its respective probability. Based on this metric, the larger the expected severe loss, the larger would be the risk associated with a breach of information security.

¹ See [5] for a framework for cyber risk management that incorporates insurance.
² For more on the allocation of resources in information security, see [2, 4].
³ We assume loss is a discrete random variable.

The standard deviation of loss (the square root of the variance of loss) represents the dispersion around the expected loss. It is computed by taking the square root of the sum of the products of the squared deviation of each loss from the expected loss with the probability of that loss. Based on this metric, the larger the standard deviation, the larger would be the risk associated with a security breach. We used the standard deviation of loss rather than the variance of loss because the standard deviation of loss is measured in the same units (for example, dollars) as both the expected loss and the expected severe loss.

To illustrate the three metrics, let X be a random variable representing the loss (in millions of dollars) attributable to a breach. In a proposal (Proposal 1) for enhancing information security activities, X has the following discrete uniform distribution:

X = random variable representing the loss in millions of dollars attributable to a breach
P[X=x] = probability the loss attributable to the breach equals x
x = 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
P[X=x] = .1 for x = 0, 1, 2, ..., 9
T = $8 million (threshold loss)

The expected loss from a breach, E[X], under Proposal 1 is equal to $4.5 million, as shown by the calculation in the figure here. In order to calculate the expected severe loss, the decision maker must first specify a threshold level. Suppose that level, denoted by T, is judged to be 8, that is, any breach that costs $8 million or more is believed to put the survivability of the organization at risk. The expected severe loss, E[X|X≥T], under Proposal 1 is equal to $1.7 million, as shown by the calculation in the figure.

The standard deviation of loss, denoted by σ, under the loss function defined for Proposal 1 is equal to $2.87 million, as shown by the calculation in the figure.

Expected loss: $E[X] = \sum_{x=0}^{9} x \cdot P[X=x] = 0 \cdot [.1] + 1 \cdot [.1] + \dots + 9 \cdot [.1] = 4.5$

Expected severe loss: $E[X \mid X \ge T] = \sum_{x=8}^{9} x \cdot P[X=x] = 8 \cdot [.1] + 9 \cdot [.1] = 1.7$

Standard deviation of loss: $\sigma = \left\{ \sum_{x=0}^{9} (x - E[X])^2 \cdot P[X=x] \right\}^{1/2} = [8.25]^{1/2} = 2.872$

Calculation of expected loss, expected severe loss, and standard deviation of loss in Proposal 1.

COMPUTING EXPECTED PCR

For a given set of information-security activities, the PCR is a linear combination of the expected loss, the expected severe loss, and the standard deviation of loss that can be attributable to a breach:

$\mathrm{PCR} = E[X] + [B/A] \, E[X \mid X \ge T] + [C/A] \, \sigma$

where the weights A, B, and C are determined from the AHP. These weights are positive, sum to one, and reflect the relative importance of the performance metrics to the decision maker. An overview of the AHP (in an information-security-investment context) is given in [1].

Before turning to the question of how these weights are derived through AHP, consider three properties of the PCR:

* It equals the expected loss plus two penalty terms;
* The penalty term, [B/A] E[X|X≥T], measures an additional perceived loss due to the occurrence of a severe loss; and
* The penalty term, [C/A] σ, measures an additional perceived loss due to variability in predicting the loss.

The weights A, B, and C measure the emphasis the CISO wants to place on the three risk measures: expected loss, expected severe loss, and standard deviation. The weights on the three terms are 1, B/A, and C/A. Without the loss of generality, one can normalize the weights on the terms in the PCR so the weight on the expected loss, E[X], is equal to one. In that way, a decision maker who wants the PCR to equal the expected loss would set B = 0 and C = 0 in the equation defining PCR.

To illustrate the AHP method for determining the values of the weights, we consider a numerical example. Table 1 lists a pairwise comparison matrix of the three measures: expected loss, expected severe loss, and standard deviation of the loss. The pairwise comparison matrix is made up of columns 2-4 and rows 2-4 in the table. The final column lists the weights as determined by the eigenvector associated with the maximum eigenvalue for the pairwise comparison matrix in columns and rows 2-4 in the table (for more, see [1]).

Table 1. Pairwise comparison matrix and weights for the example.

                                  E[X]    E[X|X≥T]    σ      Weights
Expected Loss E[X]                1       1           2      0.4
Expected Severe Loss E[X|X≥T]     1       1           2      0.4
Standard Deviation of Loss σ      1/2     1/2         1      0.2

In establishing this pairwise comparison matrix, the assumption in the example is that the expected loss (E[X]) and expected severe loss (E[X|X≥T]) are equally important criteria, both slightly more preferred than the standard-deviation-of-loss (σ) criterion. The pairwise comparisons that represent this judgment are realized by setting $a_{12} = 1$, $a_{21} = 1$, $a_{13} = 2$, $a_{23} = 2$, $a_{31} = 1/2$, and $a_{32} = 1/2$. Further, the diagonal elements, $a_{11}$, $a_{22}$, and $a_{33}$, are set equal to 1, since a criterion is equally important as itself.

For a given decision maker for which AHP reveals these weights—A = 0.4, B = 0.4, and C = 0.2—here is the value of the PCR for Proposal 1:


PCR (Proposal 1) = $4.5M + [.4/.4]·[$1.7M] + [.2/.4]·[$2.872M] = $4.5M + $1.7M + $1.436M = $7.636M

EVALUATING FOUR PROPOSALS

In order to demonstrate PCR use, assume that the CISO must select from among four equal cost proposals for enhancing an organization’s information security. Suppose the CISO and his/her staff have estimated the loss probabilities associated with the three proposed sets of information security activities. The estimated loss probabilities associated with each proposal are broken down into the 10 discrete amounts in Table 2. We continue to assume that the threshold level, T, of a severe loss is $8 million. Table 3 lists the values of the three risk measures for each of the three proposals; it also lists the value of the PCR for each proposal, assuming that A = 0.4, B = 0.4, and C = 0.2.

Table 2. Probability of losses under three information security project proposals.
[Table 2 rows: Probability of Loss Proposal 2; Probability of Loss Proposal 3; Probability of Loss Proposal 4. Columns: losses from an information security breach (in $ millions).]

Table 3. Risk measures for the three proposals (where T=8, A=0.4, B=0.4, and C=0.2). Bold indicates column minimums.

              Expected     Expected Severe     Standard Deviation     PCR
              Loss E[X]    Loss E[X|X≥T]       of Loss σ
Proposal 1    4.5          1.7                 2.872                  7.636
Proposal 2    5.2          1.6                 …                      …
Proposal 3    4.35         3.5                 4.028                  9.864
Proposal 4    7.65         4.5                 0.654                  12.477

Some problems with using the popular metric of expected loss as a sole measure of risk are apparent by examining Tables 2 and 3. According to the expected loss metric, Proposal 3 is the preferred proposal, followed in order by Proposal 1, Proposal 2, and Proposal 4. Note that although Proposal 3 minimizes the expected loss, it also generates the second highest probability of threatening the survivability of the organization (Pr[X≥8]=0.4) and generates the highest standard deviation of loss.

Table 3 also indicates that based on the expected severe loss criterion, Proposal 2 is the preferred proposal, followed in order by Proposal 1, Proposal 3, and Proposal 4. Further, based on the standard deviation criterion, Proposal 4 is the preferred proposal, followed in order by Proposal 2, Proposal 1, and Proposal 3. Thus, a decision maker interested in minimizing the risk of a breach could rationally select Proposal 2, Proposal 3, or Proposal 4, depending on the risk metric being considered.

The PCR combines the three risk measures through a procedure that determines the decision maker's relative weighting of the risk criteria. The weights are decision-maker dependent, so the rankings based on the PCR are likely to vary from person to person. With the values of A, B, and C given by 0.4, 0.4, and 0.2, respectively, Proposal 1 is preferred to Proposal 2, which in turn is preferred to Proposal 3, which is preferred to Proposal 4. It is interesting to note that Proposal 1 has the smallest value of the PCR, even though it did not dominate any individual metric. However, if the decision maker's weights were A = 0.1, B = 0.2, and C = 0.7, then based on the PCR, Proposal 4 is preferred to Proposal 2, which is preferred to Proposal 1, which is preferred to Proposal 3.⁴

The approach of using the expected loss due to a 
breach as the ranking criterion gives the CISO a nar- 
row analysis of the alternatives and may lead to mis- 
leading results. Examining these other risk measures 
helps determine the best proposal for implementa- 
tion. Although we formed the PCR as a linear com- 
bination of expected loss, expected severe loss, and 
standard deviation of loss, the method of forming a 
single PCR type of metric from a set of criteria is a 
general methodology. The decision maker can use any 
set of criteria to form a PCR type of metric and the 
AHP to determine the weighting factors. In that way, 
no matter what aspects of risk a decision maker 
wishes to consider, a PCR type of metric can serve as 
a powerful decision-making tool. 
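
The calculation this section walks through, as an added Python example (not code from the article): it recomputes Proposal 1's three risk measures, derives the AHP weights from the pairwise comparison matrix by power iteration, and ranks proposals by PCR under both weight sets discussed above. Function and constant names are this example's own; Proposals 3 and 4 use the risk measures printed in Table 3, and Proposal 2 is left out because its standard deviation is not given in the text.

```python
import math


def risk_measures(dist, threshold):
    """Return (E[X], expected severe loss, sigma) for a discrete loss distribution.

    dist maps each loss amount to its probability. The expected severe loss
    follows the article's definition: the sum of x * P[X=x] over x >= threshold.
    """
    if any(p < 0 for p in dist.values()):
        raise ValueError("probabilities must be non-negative")
    if abs(sum(dist.values()) - 1.0) > 1e-9:
        raise ValueError("probabilities must sum to 1")
    expected = sum(x * p for x, p in dist.items())
    severe = sum(x * p for x, p in dist.items() if x >= threshold)
    variance = sum((x - expected) ** 2 * p for x, p in dist.items())
    return expected, severe, math.sqrt(variance)


def ahp_weights(matrix, iterations=200):
    """Principal eigenvector of a pairwise comparison matrix, scaled to sum to 1.

    Power iteration is used here as one standard way to get that eigenvector.
    The matrix must be square, positive and reciprocal (a_ij * a_ji == 1).
    """
    n = len(matrix)
    if any(len(row) != n for row in matrix):
        raise ValueError("pairwise matrix must be square")
    for i in range(n):
        for j in range(n):
            if matrix[i][j] <= 0 or abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError("pairwise matrix must be positive and reciprocal")
    weights = [1.0 / n] * n
    for _ in range(iterations):
        nxt = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
        total = sum(nxt)
        weights = [v / total for v in nxt]
    return weights


def pcr(measures, weights):
    """PCR = E[X] + (B/A) * expected severe loss + (C/A) * sigma."""
    expected, severe, sigma = measures
    a, b, c = weights
    if a <= 0:
        raise ValueError("weight A on expected loss must be positive")
    return expected + (b / a) * severe + (c / a) * sigma


def rank_by_pcr(proposals, weights):
    """Proposal names ordered from lowest (preferred) to highest PCR."""
    return sorted(proposals, key=lambda name: pcr(proposals[name], weights))


THRESHOLD = 8  # T, in $ millions
PROPOSAL_1 = {x: 0.1 for x in range(10)}  # discrete uniform loss on 0..9
# Rows/columns: expected loss, expected severe loss, standard deviation of loss.
PAIRWISE = [[1, 1, 2],
            [1, 1, 2],
            [0.5, 0.5, 1]]
PROPOSALS = {
    "Proposal 1": risk_measures(PROPOSAL_1, THRESHOLD),
    "Proposal 3": (4.35, 3.5, 4.028),   # Table 3 values
    "Proposal 4": (7.65, 4.5, 0.654),   # Table 3 values
}

if __name__ == "__main__":
    w = ahp_weights(PAIRWISE)
    print("AHP weights (A, B, C):", [round(v, 3) for v in w])
    for label, weights in (("A=0.4, B=0.4, C=0.2", w),
                           ("A=0.1, B=0.2, C=0.7", (0.1, 0.2, 0.7))):
        print(label)
        for name in rank_by_pcr(PROPOSALS, weights):
            print(f"  {name}: PCR = {pcr(PROPOSALS[name], weights):.3f}")
```

With the first weight set the ranking starts with Proposal 1; with the second it starts with Proposal 4, which is the article's point that the decision maker's weights drive the ranking.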


CONCLUSION 

Anyone responsible for information security must 
be able to manage risk. However, the initial step in 
such management—defining risk—is far from easy. 
Popular risk metrics (such as expected loss from a 
breach and the standard deviation of a loss from a 
breach) capture only narrow aspects of risk. Here, 
we've introduced a new metric—the PCR—to eval- 
uate investment proposals for enhanced information 
security and recommended using AHP to determine 
the weights in the PCR. The PCR gives the user 
powerful new tools for analyzing proposals for
enhancing an organization’s information security
system. This analysis complements [1], which
detailed how to spend an information-security budget,
taking into account both financial and nonfinancial
aspects of proposed information security
projects.

⁴ In this case, PCR(Proposal 4)=$21.227 million, PCR(Proposal 2)=$22.330 million,
PCR(Proposal 1)=$28.006 million, and PCR(Proposal 3)=$39.548 million.
A TYPOLOGY OF COMPLAINTS ABOUT EBAY SELLERS

More could be done to reduce rising online fraud rates.

Complaints are expressions of dissatisfaction stemming from a feeling of having been wronged. Complaints can express dissatisfaction with a company’s customer service or allege that a company has defrauded a customer. Understanding complaints allows firms to improve their business practices to better meet customer needs. Online complaints are often recorded in reputation systems that collect, distribute, and aggregate feedback about an online business’s past behavior [9]. These online complaints help consumers engaging in transactions over the Internet to “decide whom to trust, encourage trustworthy behavior, and deter participation by those who are unskilled or dishonest” [9].

By DAWN G. GREGG and JUDY E. SCOTT
In 2007, an estimated $108.7 billion in goods were sold online with approximately a quarter of sales occurring at online auctions [2, 3, 10]. Online auctions provide unparalleled selection and potential value for buyers, while offering sellers a way to reach millions of buyers. However, the anonymity of online auctions gives less scrupulous sellers the opportunity to take advantage of buyers, either by intentionally misstating the quality and condition of their products or by selling products they have no intention of delivering. Both of these practices are forms of online fraud, and represent a growing problem for online consumers. Online auctions are especially prone to fraud because it is easy for businesses large and small to establish and run online auction stores. In 2006, online auction fraud was the most reported online offense, comprising 44.9% of complaints referred to the Internet Crime Complaint Center [5].

Online auction reputation systems contain feedback profiles made up of comments from transaction partners (buyers or sellers). In order to understand the complaints being left in online auction reputation systems, it is necessary to determine what problems are currently being reported as negative feedback in reputation systems, and the proportion of problems that contain allegations of fraud. This research develops a typology of complaints about sellers in online auctions that can be used to classify negative feedback posted at online auction sites. Complaints placed in eBay's reputation system in 2003 and 2005 were analyzed using the typology of complaints. The types of fraud a buyer can encounter when making a purchase at an online auction include [6]:

* Non-delivery. The seller places an item up for bid with no intention of delivering it.

* Misrepresentation. The seller deceives the buyer as to the true value of an item.

* Black-market goods. Illegal goods sold on online auction sites.

* Fee stacking. The seller adds hidden charges to the item after the auction is over.

* Triangulation. Stolen credit is used to buy from an online merchant and the item is resold at auction.

* Shill bidding. Intentional fake bidding by sellers to drive up the price of their items.

Table 1. Complaints about receiving items.
[Table 1 column headings: Example; # Instances; % of Complaints. Final row: Total for complaints about receiving items.]

Figure 1. Typology of
[Figure 1 labels: Complaints against Sellers; Slow/no response; Seller rude; leaves negative feedback; Confusion about terms; Terms not understood by buyers; … stacking.]

In addition to fraud, online auction buyers can experience problems that are undesirable but legal (such as difficulty contacting the seller). To analyze the characteristics of negative comments placed at online auction sites, we developed a complaint categorization scheme that describes the problems buyers can have when purchasing from an online auction. It includes problems related to the payment and shipping of items, problems with the item received, along with refunds or exchanges, communication problems, and bidding. The typology of complaints is shown in Figure 1. It should be noted that the complaint classification system is designed to classify allegations of misconduct that have not been proven. It is possible that some allegations are unfounded; nevertheless, the allegations are useful for understanding overall patterns of misconduct and estimating whether those patterns change over time.

Data for this study was gathered from eBay's rep- 
utation system. eBay allows users to post positive, 
neutral, or negative comments about their transac- 
tions. This study classified negative feedback posted 
about sellers and estimated the frequency of the dif- 
ferent complaint types. Initial samples of 6,571 neg- 
ative comments from May 2003 were used to 
validate the complaint typology, and to provide esti- 
mates of the complaint rates for each of the com- 
plaint categories. An additional 867 negative 
comments from July 2005 were used to determine if 
the frequency and distribution of complaints 
changed significantly over the intervening two years. 
The complaints examined were extracted from a
sample of over one million eBay comments (across
both studies); the overall complaint rate for
this study was 0.73 complaints for every 100 comments made.

The eBay data was analyzed using content analy- 
sis—a manual process in which every complaint was 
read by at least one of the researchers and categorized 
into one or more of the complaint categories shown in 
Figure 1. The content analysis found negative feed- 
back records often referred to more than one seller 
problem (such as both a communication problem and 
non-delivery). In these cases, the complaint was 
placed into more than one complaint category. There 
were 11,371 different negative comments made in the 
7,438 complaints examined. The complaints were 
grouped into five broad categories: about receiving 
items, about the item received, 
about returning items, about com- 
munication, and complaints about 
bidding. 

Complaints about receiving items. 
Problems related to receiving the 
products are summarized in Table 
1. The principal complaint was 
that the item was paid for but never 
received. This accounted for 
36.52% of all complaints made. 
Although this could have been due 
either to seller or shipper error, the 
buyers largely assumed that sellers
had never shipped the item. Com- 
plaints that the item was paid for 
but never received usually represent 
an accusation of non-delivery 
fraud. In a very small fraction of the 
complaints, buyers complained of 
non-delivery without allowing suf- 
ficient time for the seller to ship the 
item, as in this complaint: “It has 
been over a week. Where is the 
jacket?” However, in these cases the complaint was 
coded as slow shipping as opposed to non-delivery. 
The average amount of time buyers waited before 
placing a complaint accusing a seller of non-delivery 
was 36 days and 74.5% of buyers waited at least 21 
days before complaining about non-delivery. A com- 
parison of complaint rates for 2003 with those of 
2005 showed that a higher proportion of buyers made 
allegations of non-delivery fraud at the later date. 
However, the overall rate of complaints about receiv- 
ing items remained relatively constant. 

Complaints that the auction was won but the transaction was not completed because the buyer never heard from the seller, the seller did not follow through with the sale because the price was too low, or the seller no longer had the product to sell were found in 9.01% of all complaints. These are not fraud because the buyer did not lose any money. However, they do violate eBay’s policy on non-selling sellers, which states: “It is not permitted for a seller on eBay to refuse payment or delivery of an item at the end of a successful sale.”

Table 2. General complaints about items.

There were a variety of problems reported related to the shipment of the item, with 6.7% of buyers complaining that their products were shipped late or to the wrong address. There were also complaints that sellers overcharged for shipping, with buyers charging that the seller used excessive shipping charges to make extra money on the sale. In general, shipping problems do not constitute fraud, nor do they violate any stated eBay policies. If the complaint indicated that the excessive shipping charge was different than the one listed in the auction it was categorized as fee stacking, which is fraudulent, not as shipping overcharge.

General complaints about items. In the sample of 
7,438 complaints were several reported problems 
related to the products themselves (see Table 2). 
These include cases where the item received was 
undamaged but the buyer was dissatisfied, the item 
received was damaged, and the item received 
appeared to be counterfeit or stolen. In 26.27% of 
complaints, a working product was received but the
complaint indicated that the item had been misrepresented
either in the item title, description, or photo.
Most often, the buyer complained that the seller had 
omitted important product details from the descrip- 
tion. Buyers also complained that the item received 
was not the item they purchased. Usually, the incor- 
rect item received was of lower 
quality or had fewer features than 
the item that the buyer actually 
purchased. There were also com- 
plaints that the item was of lower 
quality than the buyer expected. 
These complaints included words 
like “junk” or “trash.” Buyers also 
complained that they did not 
receive everything they had purchased
or that the item had
an unexpected color, texture, size, 
or smell. Some of these fraud alle- 
gations could have been the result 
of buyer error, but the majority are 
likely cases of misrepresentation 
fraud in which the seller inten- 
tionally (or unintentionally) mis- 
represented the product to receive 
a higher price. 

Buyers reported receiving dam- 
aged or defective goods in 7.76% 
of the complaints filed. The cases 
where buyers reported the damage 
was present before shipping were 
recorded as a problem with the 
item (instead of a problem that 
occurred during shipping). These 
would also be cases of misrepresen- 
tation fraud. In all, 30.3% of the 
complaints alleged there had been 
some type of misrepresentation fraud committed. 

This complaint category also included complaints 
from buyers who believed their products to be forged, 
copied, or stolen. A total of 146 complaints (2.39% 
of the total) related to illegal products, or black mar- 
ket fraud. None of the complaints about illegal prod- 
ucts indicated that the products had been purchased 
with stolen credit; this would be a different type of 
fraud: triangulation. 

Complaints about returns or refunds. Table 3a summarizes the complaints related to returning the product or receiving a refund. These complaints were often coupled with some other type of complaint. For example, the following complaint indicates that the seller appears to be making income from fraudulently misrepresenting products and then charging customers to correct his error: “Sent wrong speakers he wants 2 charge me 25% restocking 4 his mistake! Beware!!!”. Other complaints related to refunds and exchanges include sellers accepting a product return but never sending the refund, sellers who refuse refunds altogether, and cases where refunds were only obtained after eBay, PayPal or law enforcement were involved. Most of the refund-related complaints began with the fraudulent non-delivery of goods or with goods that were misrepresented (732 of 796 refund complaints).

Table 3. (a) Complaints about returns or refunds, (b) Communication complaints.

Complaints about communication. Table 3b summarizes 
the complaints that included some reference 
to a communication difficulty. Often the buyer's first 
sign that he or she would be a victim of non-delivery 
fraud was a difficulty communicating with the seller. 
In 1,287 of the 2,716 
reported instances of non- 
delivery, the buyer also 
reported difficulties in con- 
tacting the seller either via 
email or phone. In 404 
cases, communication dif- 
ficulty (either nonresponse 
to email or rudeness) was 
the only problem reported. 
However, more often com- 
munication difficulties co- 
occurred with other types 
of reported problems. One 
type of communication 
problem indicates a type of 
fraud, known as fee stack- 
ing fraud. This occurs when the seller changes the 
price of the item, shipping cost, or payment methods 
accepted after the close of the auction. Fee stacking 
was reported in 1.26% of online auction complaints. 

Complaints about bidding. No problems related to 
bidding were reported in any of the complaints from 
2003. However, two complaints about shill bidding 
were found in the 867 complaints from 2005. There 
were also five complaints about bid cancellation. In 
these cases the sellers cancelled the winning bidder's 
bid because the price was either too low or because 
they made a side deal to sell to a different seller. 



CONCLUSION 

Results of this study indicate that more than 97% of 
complaints allege serious problems with the seller. 
Comments often indicate that sellers lack business 
training and clear commerce standards, like proper 
communication skills (44.2%) and appropriate 
return policies (10.5%). This suggests that legiti- 
mate online auction sellers interested in establishing 
a “good reputation” should maintain good 
communication throughout the auction process and be 
willing to accept returns—especially in the case of seller 
or shipper error. 

However, a greater proportion of the complaints 
contain allegations of fraud. This study shows that 
69.7% of negative comments posted in eBay's feed- 
back forum indicate the seller may have defrauded the 
buyer by failing to deliver the item, misrepresenting 
the item in the product description, selling illegal 
goods, adding charges after the close of the auction, or 
by shill bidding. The proportion of complaints that 
allege fraud increased slightly between 2003 and 2005 
(from 69.4% to 71.8%); however, the increase was 
not statistically significant (p=0.158). The fraud alle- 
gation rates (as a percentage of complaints made) for 
each online auction fraud 
type are summarized in 
Figure 2. This data indi- 
cates that both non-deliv- 
ery fraud (found in 
36.5% of complaints) 
and misrepresentation 
fraud (found in 30.3% of 
complaints) comprise the 
vast majority of frauds 
reported. Black-market 
goods (stolen, counter- 
feit, or pirated goods) 
were only reported in 
2.4% of the negative 
comments analyzed. This 
may mean that buyers 
were unaware that the 
goods were illegal or that 
they did not care that the 
goods were illegal as long 
as they got a good price. Fee stacking was only 
reported in 1.2% of complaints. This type of fraud 
may be less prevalent because it only generates a small 
return (the extra fee sellers tack on after the auction 
close). Shill bidding was only reported in 0.03% of 
the auction complaints. Shill bidding is difficult for 
the average buyer to detect, and thus, actual instances 
of shill bidding may be much higher than those 
reported as negative feedback. Finally, triangulation 
was not reported in any of the complaints examined. 
In general, buyers would only know they were a vic- 
tim of triangulation if contacted by the merchant vic- 
tim or law enforcement; something that would 
happen long after feedback was provided to the seller. 
As with black market goods and shill bidding, it is 
likely that triangulation fraud is underreported in the 
eBay reputation system. 

Figure 2. Online auction fraud reported as percentage of eBay complaints. 

The primary contribution of this research is that it 
demonstrates that reputation systems contain 
information about online auction fraud that is not found 
anywhere else. eBay has consistently maintained that 
less than 0.01% of its auctions are fraudulent [1, 7]. 
However, this study suggests that the problem of 
online auction fraud may be more severe than the 
number of officially reported cases would indicate. 
Prior research shows that between 41.8% and 52.1% 
of all successful auctions receive feedback [4, 8]. The 
rate of negative feedback (as a percentage of all feed- 
back left) found during this study was 0.73%, and 
69.7% of negative comments alleged fraud. Thus, the 
rate of fraud accusations (as a percentage of com- 
pleted auctions) made in the eBay reputation system 
was closer to 0.2%, 20 times higher than the rate 
reported through official channels. 

This research highlights the prevalence of various 
types of fraud at online auction sites and suggests 
more could be done to reduce current fraud rates. For 
example, since many of the fraud complaints relate to 
non-delivery of goods, online auction sites could 
more actively promote the use of escrow services, 
which reduce the ability of sellers to accept payment 
without delivering goods. This research also shows 
that reputation systems contain important informa- 
tion related to fraudulent activities, and thus 
improvements to these systems could make it easier 
for buyers to detect and avoid fraudulent sellers. For 
example, mixing negative comments with the large 
number of positive comments may make it more dif- 
ficult for buyers to find comments about illegal 
behavior. Redesigning reputation systems so that 
recent negative feedback is highlighted could poten- 
tially improve a buyer's ability to assess fraud likeli- 
hood. 

One benefit of this study is that it presents a frame- 
work for classifying complaints and information 
about the rate of fraud occurring on the eBay online 
auction site during 2003 and 2005. This provides a 
baseline for future research on online auction fraud 
and will allow researchers to assess the effectiveness of 
fraud reduction measures. 

One limitation of this study is that it focused 
exclusively on eBay, which was selected for this study 
because it owns nearly 75% of the global online auc- 
tion market share. For this reason fraud rates for eBay 
dominate any determination of auction fraud rates in 
general and it is common research practice to use 
eBay data exclusively when studying online auction 
markets. However, each online auction site has differ- 
ent security precautions, which could change fraud 
rates for these sites. Doing an in-depth comparison of 
complaint rates across multiple online auction sites 
was beyond the scope of this study, but should be 
included in future research on online auction fraud. 

This research shows that reputation systems serve 
an important function in today’s online world. They 
can allow buyers to assess the trustworthiness of 
unknown online auction sellers and can be used by 
sellers to improve their customer service. However, 
these systems play another important role. They con- 
tain information about potentially illegal activities. 
Since the rate of fraud reported in these systems is 20 
times higher than the rate quoted by eBay, it is likely 
that instances of online auction fraud are often 
reported only in these systems. This makes these sys- 
tems important to both online auction houses and to 
law enforcement as they try to combat rising levels of 
online auction fraud. 

Globally distributed teams have become increasingly 
common in many sectors. Yet managing dispersed 
groups is far more challenging than managing co- 
located teams. Some advances in supporting globally 
distributed collaborative work have been introduced 
in recent years mainly in the form of information 
and communication technologies (ICT). In this 
regard, the focus of research and practice has 
traditionally been on the appropriate application of 
technical and operational mechanisms, such as tools, 
methodologies and coordination mechanisms that 
support coordination activities between dispersed 
project teams. As a supplementary mechanism, 
which improves collaborative work through the 
development of interpersonal ties between remote 
counterparts, firms also advocate face-to-face (F2F) 
meetings [9, 11]. In this article, we focus on the use 
of F2F meetings in promoting collaboration 
between remote counterparts. 

F2F Meetings: The challenges in developing social ties in globally distributed projects 

F2F meetings are short and tend to offer only limited social space that accommodates cultural differences. 
Most time spent in F2F meetings is dedicated to project management and technical issues (that is, they are formal to a great extent). 
F2F meetings are selective in the sense that not all counterparts are invited to F2F meetings. 
Short and infrequent F2F meetings offer sporadic interpersonal interactions between remote counterparts, which restrict the build-up of interpersonal relationships. 
ICT offers limited opportunities for personal contact and social space, as compared to F2F meetings. 

The entire project team usually attends these for- 
mal meetings, which are designed to address project 
management and technical issues, as well as to create 
interpersonal ties and improve collaborative work 
between remote counterparts [1]. We argue that F2F 
meetings, though very much needed, still pose chal- 
lenges to globally distributed teams in creating and 
sustaining social ties between remote counterparts. 
Consequently, we propose a set of activities that 
improves and renews social ties between remote coun- 
terparts, before and after F2F meetings. These activi- 
ties are organized into three stages for developing 
social ties that we label as: Introduction, Build-up, 
and Renewal. We briefly summarize evidence from 
several projects at the software company SAP and 
oscilloscope manufacturer LeCroy, and we offer prac- 
tical implications to managers. 


THE CHALLENGE OF SOCIAL TIES 

Globally distributed projects consist of two or more 
teams working together to accomplish project goals 
from different geographical locations. In addition to 
geographical dispersion, globally distributed teams 
face time zone and cultural differences that may 
include, but are not limited to, different languages, 
national traditions, values, and norms of behavior 
[1]. To cope with such differences and to ensure a 
smooth collaborative mode of operation between 
remote counterparts, numerous technical and oper- 
ational mechanisms have been offered to managers, 
including collaborative technologies (such as groupware 
technologies that include email and instant 
messaging [2, 10, 12]) and coordination mechanisms 
(such as more explicit, documented, and formalized 
project processes through standardizing and 
documenting the development methodology, and 
through the division of work aimed at reducing the 
need for inter-site coordination and communications 
[4, 6]). 

Thus far, the solutions pro- 
posed to support collaborative 
work of globally distributed 
teams have been technical in 
nature, paying little attention to 
the human and social aspects 
involved in such settings [3]. The 
few studies that have focused on social aspects in 
globally distributed projects have suggested that firms 
should promote and hold F2F meetings to tighten 
interpersonal ties between remote counterparts in an 
attempt to improve collaborative work [7, 8, 11]. 
Indeed, creating and renewing social ties between 
remote counterparts may even open additional chan- 
nels, supplementary to technical solutions, through 
which collaborative work can be improved. Using 
F2F meetings to advance social ties in globally dis- 
tributed teams may also improve the formation of a 
globally distributed team as members get to know 
each other during these meetings, learn about cultural 
differences between team members, discuss and agree 
on ways to resolve tensions, set up procedures for 
coordinating work activities, and start working 
together toward a successful completion of a project 
[5]. 

In line with past research [1, 5], we have observed 
that supporting interpersonal contacts between 
remote counterparts throughout the project life cycle 
is rather challenging—creating and renewing such 
contacts throughout the project life cycle poses a 
strong challenge for managers. So far, the emphasis 
from practice and research has been on F2F meetings 
that set the stage for bonding and socializing between 
remote counterparts, and as a vehicle for creating 
social ties between remote counterparts. Nonetheless, 
we argue that F2F meetings alone may not create the 
conditions through which interpersonal ties between 
remote counterparts can be created and renewed. F2F 
meetings tend to last only a few days, and the agendas 
for these meetings often revolve around project and 
technical issues that must be resolved, leaving little 
space for socialization and one-on-one meetings. In 
Table 1 we have summarized the emerging challenges 
in creating social ties between members of globally 
distributed teams. 

Table 1. The challenges of social ties and F2F meetings. 

While F2F meetings assist in acquainting counter- 
parts of globally distributed teams with each other 
and addressing project and technical issues, these 
meetings, being sporadic, short, selective, and formal 
to a great extent, hardly support the long-term build- 
up and renewal of interpersonal ties between dis- 
persed counterparts. In the following paragraphs we 
present evidence from SAP and LeCroy, two compa- 
nies in which software development teams collaborate 
globally to develop products. In particular, we focus 
on before and after F2F meeting activities that 
contributed to collaborative work through the 
development of social ties. 

The Collaborative Tools project at SAP was located 
at three sites: Germany, India, and the U.S. When the 
project was launched in September 2001, the key 
players (managers and architects) and team members 
from remote locations did not know each other. 
Before F2F meetings, activities revolved mainly 
around creating awareness of the composition of 
remote teams and their members. Videoconferencing 
sessions were scheduled between the three locations to 
introduce the remote counterparts to each other. 
Furthermore, global mini-teams were formed, consisting 
of technical staff from different remote locations who 
jointly worked on one design module. These 
mini-teams also needed to communicate with other 
mini-teams to ensure a smooth integration of the different 
modules. For each mini-team a contact person was 
appointed. The contact people were senior technical 
staff located in Germany. These contact people were 
responsible for providing and communicating 
information about the design and integration processes to 
their mini-teams. Since the remote counterparts did 
not know each other and the process of becoming 
acquainted took, in some cases, several weeks, this 
structure of mini-teams and contact persons was 
critical in ensuring a smooth flow of information between 
remote teams. 

F2F meetings were organized to make time for 
one-to-one interactions between remote counterparts 
so that they could get to know each other and become 
familiar with communication styles. These activities 
included team-building exercises, and discussions 
about communication styles and about rules for 
communications between individuals and teams. These 
activities assisted in creating interpersonal ties, 
relaxing tensions, and improving understanding between 
remote counterparts. 

After F2F meetings, activities included regular and 
frequent communications, such as teleconferences 
and videoconferences between software managers and 
developers, and short visits to remote locations. In 
particular, when newcomers joined, managers 
organized videoconferences to introduce new team 
members. However, to ensure that remote counterparts 
would stay in touch, speak the same “lingo,” and feel 
comfortable working remotely, managers traveled to 
remote sites at least once every three months, and 
developers visited remote sites a few times a year. 
These activities reportedly improved the bonding 
between remote counterparts and enhanced the col- 
laborative atmosphere across the team. 

The project studied at LeCroy, called Maui, was 
distributed across two sites: Switzerland and the U.S. 
These software team members had a long history of 
working together; thus, when this study was carried 
out, the team had already developed strategies for 
working together across distance. However, the Maui 
project, which involved switching to Microsoft COM 
technology, introduced new challenges, since the 
LeCroy software engineers were using new technolo- 
gies to develop embedded software. Therefore, one of 
the dilemmas LeCroy faced while developing the 
Maui platform was how to jointly train embedded 
programmers located at different sites, while ensuring 
the transition would not trigger disruptive communi- 
cation problems and breakdowns. 

Pre-F2F meeting activities included transatlantic 
videoconferences in which newcomers were 
introduced to the team. To reduce language barriers, 
software engineers in Geneva, whose native language is 
French, were offered English language lessons. 
Overcoming language barriers, in addition to the 
introduction of remote counterparts through 
videoconferences, was a key factor in creating 
direct and effective communication channels 
between remote counterparts. The videoconferences 
furthermore helped increase team member awareness 
of communication styles rooted in cultural differences, 
and reminded them to be attentive to the style and 
content of communications. 

Several F2F meetings were held by this distributed 
team. A key F2F meeting in a remote Alps location 
combined training sessions in Microsoft COM 
technology with social events allowing participants 
to get to know each other better. 

Post-F2F meeting activities included frequent 
communications between the remote sites in the form 
of teleconferences, videoconferences, and visits by 
managers from Geneva and N.Y. several times a year. 
Short visits and the temporary co-location of 
software engineers also took place, so remote 
counterparts could work and solve design problems 
together, as well as improve interpersonal contacts. 
Lastly, a wide range of collaborative technologies 
employed in daily communications allowed remote 
counterparts to combine audio and visual cues, by 
undertaking design reviews using application sharing 
tools and the telephone simultaneously, for example. 
While these activities reduced miscommunications and 
breakdowns and improved collaboration during the 
design process, several team members reported that 
the sense of bonding, which was strong right after a 
F2F meeting, faded away, often leading to 
miscommunications and tension between remote 
counterparts. To overcome this situation, managers 
organized videoconferences with the entire software 
development team, followed by a F2F meeting between 
the engineers involved in the particular assignment. 
These activities were carried out in addition to regular 
short visits and relocations in an attempt to renew 
interpersonal ties between remote counterparts. 


IMPLICATIONS: THE LIFE CYCLE OF SOCIAL TIES 

The before, during, and after F2F meeting activities 
described here provide insights into the way SAP and 
LeCroy supplemented collaborative tools and 
methodologies with human-related activities to 
ensure the build-up and renewal of social ties 
between remote counterparts. The experiences we 
have described suggest that firms benefit from 
shifting the traditional focus on F2F meetings as the 
main vehicle through which interpersonal ties are 
created, to include before and after F2F meeting 
activities. 

Figure 1. The life cycle of social ties. (Stage 1: Introduction, before F2F; Stage 2: Build-Up, during F2F; Stage 3: Renewal, after F2F; Newcomers.) 

Table 2. Individual, team, and organizational activities supporting social ties. 

Individual 
Introduction: Increase awareness of communication styles; Offer language courses; Offer short visits of individuals to remote locations. 
Build-Up: Create space for one-on-one interactions; Provide sense of importance to each member; Adjust communication styles. 
Renewal: Ensure real-time communication channels; Ensure mixed audio and visual cues; Offer short visits to remote locations; Offer temporary co-location. 

Team 
Introduction: Introduction of new team members; Increase awareness of team composition; Increase awareness of communication protocol; Appoint contact person per remote team; Set up mini-teams; Offer virtual F2F meetings. 
Build-Up: Conduct kick-off meeting; Discuss differences between national and organizational cultures; Offer space for multiple interactions between counterparts; Offer team-building exercises; Organize social events; … structure. 
Renewal: Facilitate reflection sessions; Facilitate round-the-table discussions; Facilitate progress meetings; Conduct virtual F2F meetings; Offer F2F meetings. 

Organizational 
Introduction: Distribute newsletters; Create and offer shared cyberspaces. 
Build-Up: Support sharing of information from F2F meetings (for example, photos). 
Renewal: Encourage direct communication channels. 

Managers should consider the full lifecycle of social 
ties when they plan and execute collaborative work 
between remote sites. The life cycle of social ties consists 
of three stages: Introduction, Build-up and Renewal (as 
shown in the figure here). Each stage represents an array 
of activities that a globally distributed team can partici- 
pate in to move from the Introduction stage to the 
Build-up of social ties, and finally to the Renewal phase, 


in which social ties are renewed after F2F meetings. 


LeCroy, for example, invested in activities associ- 
ated with the Renewal stage. SAP, on the other hand, 
mainly invested in activities associated with the Intro- 
duction and Build-Up stages. Most companies will 
tend to engage in activities associated with the Intro- 
duction stage to introduce newcomers when a new 
project is assembled. 

What implications does this study have for team 
development? In line with past research we have 
observed that development of globally distributed 
teams faces unique challenges induced by geographi- 
cal and cultural differences, thus requiring manage- 
ment’s intervention in supporting the timely 
development of a team from “forming, through 
storming and norming to performing” [5]. Further- 
more, from a social ties perspective, we observed that 
our globally distributed teams had to “re-norm” from 
time to time, mainly because newcomers joined and 
changed the dynamics of interpersonal ties within dis- 
persed teams. In addition, disagreements and mis- 
communications arose even in late stages of the 
project due to fading interpersonal ties. For this reason, 
we recommend that managers consider “re-norming” 
dispersed teams and renewing social ties 
through bonding activities, such as short visits or F2F 
meetings—both in the early stages of the team devel- 
opment and the later stages, when social ties may fade 
and affect collaborative work. 

To act upon the model noted here, managers could 
consider various activities at the individual, team, and 
organizational levels (see Table 2). Activities within 
each level contribute to the development of social 
interactions across the entire organization. For exam- 
ple, language lessons offered at the introductory stage 
are likely to contribute to one-on-one interactions 
when the build-up of social ties is taking place, and 
these lessons will also support direct communications 
when ties are renewed. 

Prior to introducing specific activities, managers 
should ascertain the dispersed team’s current stage. 
Teams in the Introduction stage, for example, require 
different types of activity to support the build-up of 
social ties than teams in the Renewal stage. Further- 
more, as the project progresses and remote counter- 
parts get to know each other and establish a 
collaborative mode, renewing these social ties may 
require only a subset of the activities offered in Table 
2. In this regard, the activities offered in Table 2 are 
not a recipe for building and renewing social ties but 
rather represent a set of possibilities from which man- 
agers can choose when attempting to strengthen social 
ties between team members. Comprised of a unique 
assortment of unique individuals, each team differs in 
how it bonds with others, thus requiring a different 
set of activities that support the renewal of these social 
ties. It is the manager's responsibility to sense, analyze, 
and apply the most appropriate and timely activity, to 
ensure that social ties are renewed, and collaborative 
work is improved [5]. 

Lastly, the renewal and the strengthening of inter- 
personal relationships may benefit from staffing proj- 
ect teams based on their shared past experience in 
addition to their set of skills and expertise. Through 
such considerations, firms may reduce the costs asso- 
ciated with the initial development of social ties and 
focus more on activities that aim at renewing inter- 
personal relationships. @ 

KNOWLEDGE MANAGEMENT IN SMALL AND MEDIUM-SIZED ENTERPRISES 

A balanced combination of management support, technology, 
and organizational structural factors is necessary for successful 
knowledge management program implementation. 


Knowledge has long been recognized as a crucial 
competitive tool for organizational survival and competition. In 
practice, many organizations that are adept in leveraging and 
capitalizing their knowledge resources experience business success 
and performance improvement [4]. Despite dedicated attempts 
to follow the prescribed knowledge management (KM) 
guides and success path, small and medium-sized 
enterprises (SMEs) often encounter uncertainties and face the 
threat of possible failure or unmet KM results, which are little known and 
attended [11]. This study on KM capability was motivated with a view to 
filling this knowledge gap and in consideration of the important economic 
role played by SMEs in many countries. In Hong Kong, SMEs represent 
98% of business establishments and 50% of total employment according 
to Hong Kong Government statistics circa 2007. In comparison with the 
large enterprises, SMEs could be even more nimble and flexible in 
adapting their systems and structures for KM purposes, with fewer problems 
of communication, implementation, and replacement 
costs [11]. 

As suggested by Gold et al. [3], effective KM is pri- 
marily influenced by two types of KM capability— 
infrastructure and process that have to be deployed and 
harnessed to sustain organizational competitiveness. 
This article reports the findings of survey research that 
adapts the measurement items from Gold et al. [3] (see 
Table 1). Our sample is 
drawn from 68 SMEs with 
KM initiatives launched in 
the past few years. In this 
study, we consider any orga- 
nizations that employ fewer 
than 200 employees as 
SMEs [9]. Key informants in 
the surveyed organizations 
completed the questionnaires, 
and the profiles and 
background information of 
the organizations (such as 
organization size) and 
respondents (job position) 
are aggregated in Table 2. 
The results show the mere presence of KM awareness 
or KM operation plans are no guarantee the KM pro- 
grams will automate and be successful as expected. 
Organizations must harness a balanced deployment of 
culture, technology, and structure infrastructure, 
together with adequate capability to acquire, combine, 
apply, and create knowledge. Some specific recommen- 
dations based on the study with particular reference to 
individual capability dimensions are provided later in 
this article. 


KNOWLEDGE MANAGEMENT GOALS 
With regard to the keen competition and dramatic 
changes in the business environment, most SMEs 
claim they are attracted to the KM promises, with its 
proven impacts on productivity and profits in many 
other organizations [11]. Nearly half (49.2%) of the 
respondents stated that the primary goal in pursuing 
KM in their organizations is to manage knowledge 
resources and the sources, then, to increase profit 
(44.4%), to reduce duplication of work (44.4%), and 
lastly, to gain competitive advantages (41.3%). In con- 
trast, controlling information overload, improving 
business processes, and inspiring innovation received 
the least attention or may be considered out of their 
business agenda. 

Particularly due to the limited human capital and 
relatively small organizational size, most respondents 
described that the KM goals in their organizations 


remain elementary or least inspiring. For example, 
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some respondents described that their organizational 
members, particularly those at junior or operational 
levels, usually show minimum interest in KM such as 
in sharing ideas. They seem to be passive and prefer 
management or seniors to provide instructions on the 
kind of knowledge that has to be explored, the 
resources or contact persons needed, and new product 
or service ideas to be discussed. In essence, they claimed 
that KM is relatively new 
and abstract; therefore, a 
“wait and see” attitude 
can minimize the chance 
of committing mistakes. 

Other respondents 
claimed their top man- 
agement takes an “assem- 
bly” approach to set the 
goal, and then shifts the 
KM responsibility to the 
information technology 
department/colleagues to 
follow up. The respondents 
further commented that their 
management is too preoccupied in 
developing business opportunities, 
and assume the IT department is 
able to convert the explicit KM 
vision into corresponding KM activities and programs. 
On the other hand, the IT departments often empha- 
size their technical specialization, and claim they have 
no time to consider management issues (such as what 
knowledge can be considered the core to business sur- 
vival). Without a common discourse of KM goals, the 
IT departments cannot grasp an appropriate working 
definition of knowledge, while treating KM as another 
type of IT project, falsely expecting that the systems 
can automate the KM processes (such as storing all of 
what the employees know into a giant database that 
can promote knowledge sharing). As such, among 
those respondents with KM systems used in their orga- 
nizations, more than 50% of the respondents assert 
that the KM systems they used (such as knowledge 
sharing and repository platform) are not useful to the 
end users because of undue system functions (difficult 
to search useful information from volumes of docu- 
ments) and poor interfaces (difficult to locate the func- 
tional key buttons). 


Table 1. Survey 
items extracted from 
the questionnaire. 


INFRASTRUCTURE CAPABILITY 

From the perspective of social capital, it is believed that 
new knowledge can be effectively developed through 
the connection and interaction of people, networks, 
and norms [3]. Three specific dimensions of the infra-
structure capabilities have been investigated in the cur-
rent study: technology, structure, and culture. The
SMEs are found with financial capital constraints, 
which directly affect their KM systems in place. 
Forty-eight respondents (70.6%) stated their organi- 
zations neither possess nor intend to install any KM- 
related technical support such as corporate yellow pages 
and groupware. A plausible explanation is that their 
senior management is technocratic but fails to appreci- 
ate the positive impacts of technology that can improve 
the business processes. Of the 20 respondents, 50% 
stated that document man- 
agement system and yellow 
pages are widely adopted as 
KM systems to facilitate 
knowledge capture and stor- 
age. Despite the presence of 
awareness toward the indis- 
pensability of information 
technology to organizational 
success, the respondents 
revealed they do not often 
utilize the existing KM sys- 
tems in their organizations. 
Some expressed their fear 
with regard to job security, 
saying if they adopt more 
technology in their work
process, management may
consider substituting man-
power with technology.

The relatively flat owner- 
manager role and informal 
structure of SMEs are gener- 
ally regarded as conducive to 
prompt intimate communi- 
cation across organizations. More than half (61.8%) of 
the respondents stated their organizations have a favor- 
able and simple structure that promotes collective 
rather than individual behavior, thus encouraging inter- 
personal interaction and sharing of knowledge among 
employees. However, the results showed that a con- 
tentious reward system was often employed to achieve 
the goals of the company. In line with this, 54% of the 
respondents were found unwilling to share knowledge 
as they do not feel or sense the benefits of doing so. 
They stated that knowledge is scarce and can be con- 
sidered as personal capital; therefore, it should not be 
shared or traded unless adequate rewards are provided. 
In addition, a number of respondents (44.4%) have 
been working in their present organizations and present 
positions for a long period of time. They have devel- 
oped a good understanding of their roles and job 
responsibilities and have been content with them. Yet,
they have little interest in knowing what others are
doing as they perceive the more they know, the more
duties will be designated to them. Therefore, it dis-
courages the creation of new knowledge as they mini-
mize their efforts to engage in cross-functional learning
or sharing.

Table 2. Profile of the respondents in SMEs (respondents by age, respondents by gender, organization by business sector).

Interestingly, it was found that the SMEs demon- 
strate a paradoxical culture capability on individual 
knowledge development. Culture capability as defined 
by Gold et al. [3] refers to the “shared and widely 
accepted values and visions that permeate in mind to 
direct work practice 
or facilitate necessary 
changes.” The findings 
revealed the majority of 
the respondents (80.5%) 
held a positive perception 
and feeling toward the 
importance of KM in 
leveraging organizational 
performance and com- 
petitiveness, in particular 
if knowledge can be used
within their working
groups, teams, or depart-
ments. However, it was
also found that such KM
vision is not communi-
cated effectively through-
out the entire organization.
In practice, some managers
are influenced by their per-
sonal values in assessment
of performance based on an individual's expertise and 
experience, instead of group contribution and team effec- 
tiveness. Therefore, more than 80% of the 68 respon- 
dents claimed their employees are willing to participate 
or have been engaged in various on-the-job training ses- 
sions as these sessions can directly improve their skills, 
efficiency, and organizational performance. 

It is also interesting to note that while the KM cul-
ture is promoted extensively, more than half (51.5%) of
the respondents stated it is a flamboyant deed, as senior
management support and dedication to KM could be 
inadequate and sporadic. For example, the KM vision 
is infrequently reviewed once it was established; the 
essential knowledge of business success may not be 
incorporated. Some other respondents (38.2%) stated 
their KM philosophy is presumed to allow making mis- 
takes as the pathway of learning. However, a lot of their 
employees found that cases of failure are often associ- 
ated with or perceived as incompetence (or incompe- 
tent staff), wasting organizational resources and having 
an adverse effect on their performance evaluation. 
Thus, it reaffirms our prior finding (in the discussion
of KM goals) that employees are neither highly proac-
tive nor motivated to KM endeavors.


PROCESS CAPABILITY 

Taking into account the synergy and integration of 
organizational resources, it is believed that knowledge 
can be created through a dedication of acquisition, 
conversion, application, and protection of knowledge 
assets [3]. Most of the respondents stated that various 
kinds of knowledge are present and do exist in differ- 
ent repositories. However, they encounter problems in 
capturing knowledge in terms of quantity, place, time 
and people. In fact, a majority of the respondents 
(75%) complained against information overload or the 
excessive influx of information that is not systemati- 
cally sorted or filtered. More than two-thirds of the 
respondents (69%) claimed there is no unanimous or 
systematic mechanism to store knowledge captured 
from various employees. Given the relatively informal 
organizational structure, the majority (88%) stated that 
they are required to spend a lot of time doing addi- 
tional work that is not specified in their job descrip- 
tion. As such, they can hardly find time to engage in 
knowledge sharing or discovery. 

In the comparison of different possible knowledge 
sources, nearly half of the respondents (48%) stated 
that employees in their organizations (particularly 
those who are novices) rely mostly on an internal net- 
work (that is, with peers and colleagues) for learning or 
acquisition of expertise where trust and reliability are 
rooted. Those employees with long tenures of work are 
usually perceived as experienced and experts. In con- 
trast, they stated that there are few mechanisms or 
processes formulated to acquire or obtain knowledge 
from suppliers or business partners, notwithstanding
that they have intimate relationships with them. Some 
SMEs are designated the original equipment manufac- 
turers for renowned brand products of international 
firms yet they seldom engage in joint collaboration 
with external parties for acquiring or sharing produc- 
tion and design knowledge. 

Many successful KM practices reveal that once use- 
ful knowledge is identified and acquired, organizations 
should devote efforts and motivate employees to make 
it accessible and explicit to others who need it or have 
not learned yet. More than 70% of the respondents 
mentioned that they can usually communicate and dis- 
cuss the explicit knowledge such as procedures in 
manipulating machines. However, while dealing with
tacit knowledge such as sales experience, judgment of 
competitors’ moves or actions, more than half of the 
respondents (58%) stated that it is difficult to express 
their minds in a comprehensible format (analogy or 
framework). In addition, most respondents expressed
that their organizations have been in their respective 
industries for more than 15 years. They claimed their 
management is sensitive toward business changes and 
does not risk taking on changes. Therefore, the 
employees in the organizations agree to “generally 
accepted knowledge,” and prefer to seek “predictability 
and visibility,” maintaining status quo or ensuring sta- 
bility of their work. Moreover, more than 50% put 
emphasis on the value of “face” and status, therefore, 
are unwilling to share ideas and learning experiences 
from past failure or disappointment. They also do not 
have clear processes for replacing outdated knowledge 
or incorporating knowledge from business partners. In 
addition, they are cautious and skeptical to new knowl- 
edge before they integrate it into daily work. 

An exceptional finding identified is that despite the 
uncompromising scenario as described previously, 
approximately 19% of the respondents reported there 
are “informal” working teams (with small group sizes) 
that actively discuss among team members, sharing the 
latest information or effective workflow procedures. 
Other than knowledge conversion, it is important for 
organizational members to apply knowledge to new 
problems or link prior knowledge to stimulate new 
ideas on products or services. Approximately 71% of 
the respondents said their management has put more 
attention on initiating KM programs, while there are 
inadequately formulated plans to direct employees on 
what or how to apply knowledge to improve efficiency 
or regulate strategic direction. As discussed previously, 
the management style of the SMEs somewhat affects 
the inclination of employees toward KM. More than 
50% of the respondents stated the employees in their 
organizations are inclined to maximize their efficiency 
within their scope of expertise or skills. They are tasked 
to exploit their existing knowledge and apply it to sim- 
ilar problems and challenges. 

Another human factor that impedes the extensive 
usage of knowledge is caused by experts within organi- 
zations. More than half the respondents expressed that 
those experienced or highly regarded as experts in orga- 
nizations usually have strong beliefs in their experience 
and become less open to new perspectives or knowl- 
edge. They prefer others, particularly the new employ- 
ees or their apprentices to take on their ideas and 
instructions in a rigid manner. However, the respon- 
dents also revealed there is possibility for a slight change 
in knowledge application in the event of keen compe- 
tition, frequent changes in business environments, or 
succession of younger management. Some (22%) of 
the respondents stated their organizations have initi- 
ated a substantial change in business processes (such as 
streamlining the coordination among departments) in
the past year. Moreover, 16% of the respondents
declared their organizations have encouraged innova-
tion by adopting a breakthrough in applying knowl-
edge (such as competitors’ design as an external
knowledge source and stimuli) to the existing product
designs and functionality.

To capitalize on the value of knowledge, manage- 
ment should not overlook the importance of knowl- 
edge protection from inappropriate use, possession, and 
distribution. In relation to this, our respondents 
reported their management does not have a compre- 
hensive mind-set on protecting intellectual capital or 
properties. In general, most of the respondents (80%) 
stated their organizations have some form of control to 
limit the designated parties to access explicit organiza- 
tional knowledge such as product design and manufac- 
turing procedures. However, there are various 
complaints of knowledge loss due to staff retirement or 
leaving. Approximately 66% of the respondents said 
their organizations do not have formal and effective 
plans concerning knowledge succession and they do 
not hold exit exercises with departing key or important 
knowledge personnel. Therefore, the situation of trans- 
ferring knowledge from a company to the competitor 
becomes very common, resulting in a certain threat to 
the prior organizations. In addition, most respondents 
revealed that their management does not have a strong 
intention to undertake close supervision and monitor- 
ing of how knowledge is being used or stored within 
the organizations. More than 60% of the respondents 
stated that the information, documents, or resources in 
computers are not well protected or secured as the man- 
agement usually has unwarranted faith and trust 
toward employees. For example, there are certain occa- 
sions when employees share their passwords with oth- 
ers when asking someone to help in accessing or 
transferring some files. 


THE WAY AHEAD

Knowledge is generally regarded as a strategic asset, 
which is valuable and inimitable by competitors, and 
hence crucial to maintain competitive edge. Develop- 
ing adequate capability to manage knowledge is there- 
fore important. The examination of KM capability in 
the current study reveals that SMEs would need to 
devote more effort and attention in order to harness the 
values of knowledge effectively. It is considered that 
effective KM requires unified and coherent KM pre- 
conditions. In other words, it is our view that the two 
categories of KM capabilities, namely infrastructure 
and process capabilities as external and internal thrusts 
should be more balanced and deployed systematically 
(see the figure here). Management of SMEs should
understand that effective KM practices require consid-
erable time and efforts to take effect, given the distinct
business characteristics and competence of their organi- 
zation. Here, we describe specific recommendations for 
actions SMEs should consider when pursuing further 
improvements of the various capability dimensions. 


INFRASTRUCTURE CAPABILITY 

Technology. In general, the technology capability needs 
to be further strengthened. It has been found that most 
SMEs are underinvested in KM-related technology due 
to financial constraint. Therefore, the SMEs should 
consider seeking assistance from government funding 
schemes for preliminary IT deployment. A simple set of 
a KM system with access to the Internet, email, and 
database management may serve as a cost-effective 
start. For those SMEs with unwelcome or underutilized 
IT applications, management has to reconsider the role 
of people vis-a-vis the KM systems [4, 8]. More end- 
user computing and collaborative design, communica- 
tions, and continuous evaluation can facilitate mutual 
understandings, and increase the sense of acceptance of 
the new technology. 

Structure. It is necessary to supplement the KM- 
prone organization structure of SMEs (by virtue of 
their small size and simple structure) with suitable 
incentive schemes and reward systems to encourage 
more knowledge sharing among the employees [6, 12]. 
In addition, management can set up a steering com- 
mittee or invite experienced key speakers to promote 
KM programs within the organization. It is recom- 
mended that clear responsibilities be assigned to various 
KM roles or specializations to enable effective evalua-
tion. Furthermore, management should provide a
transparent report on the KM progress, and publicize 
the progress and development of KM activities tailored 
to all employees to increase interest in getting involved 
in the designated KM tasks. 

Culture. The SMEs are found to possess an aware- 
ness of KM for business competitiveness. However, it is 
necessary to further strengthen management support 
and monitoring of KM visions and goals. Management 
can infuse knowledge vision to everyone visibly, regu- 
larly, and extensively. Being a role model in KM pro- 
grams, management can demonstrate to employees 
that KM is not just management jargon, but is a course 
of action to identify and share everyone's skills and 
experience in order to foster organizational compe- 
tence. Moreover, management should be open to vari- 
ous ideas, opinions, and innovations. 


PROCESS CAPABILITY 

Acquisition. For most SMEs, designated plans are
needed to be in place to ensure systematic capture,
screening, categorization, and storage of useful knowl-
edge or relevant information from internal networks as
well as from suppliers and business partners. Employ-
ees need to be provided with extra time to engage in
knowledge sharing and discovery [2]. Management and
employees may jointly identify the working definitions
of knowledge, skills, and competence that are critical to
differentiate their own business from that of the com-
petitors. It is believed that a common discourse and
unanimous understanding
of knowledge can easily dif-
fuse KM to everyone
within organizations.

COMMUNICATIONS OF THE ACM April 2008/Vol. 51, No. 4 87

Conversion. Manage- 
ment can play a facilitating 
role to involve everyone to 
convert what they know 
into what others can learn 
or what others may have to 
know into comprehensible 
formats [6, 7]. More 
encouragement has to be 
communicated to employ- 
ees that knowledge is not 
confined to a certain group 
of people or to experienced 
staff. Frequent free-ranging
discussions can be conducted in order to promote cre- 
ative ideas and generate innovative thinking from dif- 
ferent employees. Management may make use of 
intranets to enable employees to share experiences, dis- 
seminate new findings from other competitors’ prac- 
tices, or collaborate to work out novel views on product 
design or business development. 

Application. Employees may be provided with more 
opportunities to utilize and experiment with their 
knowledge on various occasions. Explicit rewards such 
as promotion and implicit incentives such as recogni- 
tion in organization publications and events can be 
used to encourage employees to apply what they know 
or learn, or combine various sources in solving new 
problems and design new products or reconfigure busi- 
ness processes [5, 7]. Management may likewise try to 
adopt new ideas to be implemented in existing work- 
flows or business processes in order to support more 
knowledge experimentation from conceptual ideas to 
practical actions. It should be noted that committing 
mistakes is part of the learning process, thus manage- 
ment should avoid penalizing employees if some new 
ideas do not work as expected. Otherwise, employees 
will have less motivation to devise innovative endeavors 
and will retain the old practices in order to maintain 
their performance and job security. 

Protection. Management has to attend to knowl-
edge protection at various organizational levels. There
should be well-formulated plans for knowledge suc-
cession and prevention of knowledge loss due to staff
departure. Exit exercises can be adopted to take note
of the important knowledge from the employees, and
then store it in appropriate systems [1, 10]. In addi-
tion, management must formulate regulatory control
or monitoring systems (such as identifying extraordi-
nary email correspondence between employees and
external parties) to protect
information or business
secrets from being inappro-
priately used by the
employees. Moreover, some
effective reward systems can
be provided in order to
increase employees’ loyalty
toward organizations, thus
helping to retain knowledge
within organizations, and
enabling knowledge to be
exploited to a greater
extent.

Figure. Unity of knowledge management capability (labels: Acquisition, Conversion, Application, Protection, Technology).

REFERENCES

1. Burrows, G.R., Drummond, D.L., and Martinsons, M.G. Knowledge man-
agement in China. Commun. ACM 48, 4 (Apr. 2005), 73-76.

2. Edvardsson, I.R. Knowledge management in SMEs: The case of Icelandic
firms. Knowledge Management Research and Practice 4, 4 (Apr. 2006),
275-282.

3. Gold, A.H., Malhotra, A., and Segars, A.H. Knowledge management: An
organizational capabilities perspective. Journal of Management Information
Systems 18, 1 (Jan. 2001), 185-214.

4. Griffith, T.L., Sawyer, J.E., and Neale, M.A. Virtualness and knowledge in
teams: Managing the love triangle of organizations, individuals, and infor-
mation technology. MIS Quarterly 27, 2 (Feb. 2003), 265-287.

5. King, W.R., Marks, Jr., P.V., and McCoy, S. The most important issues
in knowledge management. Commun. ACM 45, 9 (Sept. 2002), 93-97.

6. Mason, D. and Pauleen, D.J. Perceptions of knowledge management: A qual-
itative analysis. Journal of Knowledge Management 7, 4 (Apr. 2003), 38-48.

7. Nonaka, I. A dynamic theory of organizational knowledge creation. Orga-
nization Science 5, 1 (Jan. 1994), 14-37.

8. Quan, J., Hu, Q., and Wang, X.A. IT is not for everyone in China. Com-
mun. ACM 48, 4 (Apr. 2005), 69-72.

9. U.S. Small Business Administration; www.sba.gov.

10. Wasko, M.M. and Faraj, S. Why should I share? Examining social capital
and knowledge contribution in electronic networks of practice. MIS Quar-
terly 29, 1 (Jan. 2005), 35-57.

11. Wong, K-Y. and Aspinwall, E. An empirical study of the important factors
for knowledge-management adoption in the SME sector. Journal of Knowl-
edge Management 9, 3 (Mar. 2005), 64-83.

12. Zhu, Z.C. Knowledge management: Toward a universal concept or cross-
cultural contexts? Knowledge Management Research and Practice 2, 2 (Feb.
2004), 67-79.


IVY CHAN (ccivy@polyu.edu.hk) is a lecturer at the Hong Kong
Community College, the Hong Kong Polytechnic University. 
CHEE-KWONG CHAO (kchao@ouhk.edu.hk) is an assistant professor 
in School of Business and Administration, Open University of Hong 
Kong. 


© 2008 ACM 0001-0782/08/0400 $5.00 


DOI: 10.1145/1330311.1330328


DEMOGRAPHIC CHANGES IN IS RESEARCH PRODUCTIVITY AND IMPACT

Always considered an area dominated by North American institutions,
there are signs afoot that the globalization of research productivity is
making moves, particularly in Asia and Europe.

Compared to research in other business disciplines, information
systems (IS) research is relatively in its infancy. In the last
decade, an increasing number of academic institutions have
recognized IS as a discipline and have created IS departments/groups.
These developments introduced important changes to the
demographics of IS researchers. The IS regional differences and
top performers have changed considerably.

In this research, we analyze the development of IS
research in the last decade with an emphasis on
demographic changes. More specifically, we examine
IS research productivity and impact, investigating
changes in regional and institutional contributions
and highlighting the top performers for both academic
and non-academic institutions. This research
should be of interest to academics and professionals
alike. The reported results will allow firms
and academic institutions to benchmark their
research performance and to identify top performers
for potential collaboration.

This study will also provide researchers with 
important indicators of IS research, for example, 
overall productivity and impact, evolution over the 
last 10 years, internationalization, concentration, and 
the level of industry involvement. 

Productivity refers to the total IS research publica- 
tions output. Consistent with prior studies we mea- 
sure it with the adjusted count (fraction based on the 
number of co-authors) of research articles published 
by IS researchers in top journals in IS and referent dis- 
ciplines. In addition, we also account for the impact 
of the research output, that is, the level of dissemina- 
tion, which is measured with the adjusted impact 
scores (yearly impact ratios of the journal where a 
research article gets published). The impact ratios are 
reported by the Science Citation Index and the Social 
Sciences Citation Index. 

Although more “objective” than perceptions, 
adjusted counts and impact ratios do not fully 
account for the rigor and prestige of the journals. 
Additional objective measures (for example, accep- 
tance ratios), however, are not readily available and 
subjective measures (for example, journal rankings 
based on perceptions) are usually controversial. A 
quick Web search reveals that except for very few top 
journals, institutional rankings of IS journals differ 
significantly. We therefore opted not to mix objective 
and subjective measures, while acknowledging the 
limitations of our approach. 

The journal selection is based on the most recent
citation-based ranking [1], with minor differences. We
chose a cut-off of 0.1 for the impact ratio, removing
Journal of Computer Information Systems (only 0.034
when listed). We also removed IEEE Computer,
as it was not clear which journal/magazine the
authors meant. We could identify several journals/magazines
with such a name, but all having impact ratios different from the one
reported in [1]. Furthermore, most previous rankings
did not include such a journal, but listed instead the
IEEE Transactions [3, 4]. We therefore consistently
included IEEE Transactions on Engineering Management,
IEEE Transactions on Systems, Man, and Cybernetics, and
IEEE Transactions on Software Engineering [3, 4]. We also
added the Journal of the Association of Information Systems
(JAIS). Although this journal has no impact ratio due to
its relatively short history, it is generally regarded as a ris-
ing top-ranked journal. Indeed, several recent studies
have included JAIS as one of the important IS journals,
for example, [2-4]. Without an impact ratio, this journal
counts for productivity calculation only. We ended up
with 25 IS journals. For referent disciplines, we included
the top 11 journals from the original ranking.

Figure 1. Annual productivity by region (x-axis: year, 1995-2004; series: North America, Europe, Asia).

The collection of information about all articles 
published in the selected 36 journals during the last 
decade (1995-2004) took 40 person-months. To pre- 
vent errors, we incorporated several validity checks 
within the data entry system. We also assigned three 
individuals to check all entries and reconcile discrep- 
ancies. The resulting database consists of 18,711 
research articles written by 24,517 authors from 4,111 
institutions. The identification of research articles is 
based on the ISI classification. An article is included in 
the analysis if it has at least one IS co-author. 


Given the multi-disciplinary nature of IS research, 
we adopted a rather broad view of IS affiliation, defin- 
ing IS authors as those that satisfy one of the follow- 
ing criteria: published in an IS journal; listed in the 
AIS directory; or published in a non-IS journal but 
are clearly affiliated with 
an IS department. We
could identify 8,362 arti- 
cles published by 6,760 IS 
authors from 1,901 insti- 
tutions. 

To examine changes in 
productivity and research 
impact in the last decade, 
we compared the first half 
period (1995-1999) to 
the second one 
(2000-2004). The overall 
productivity of IS research 
had a moderate increase of 
14%, from 3,639.07 adjusted article counts in the 
first period to 4,132.46 in the second period. The 
impact of IS research, however, experienced a dra- 
matic boost with the adjusted impact scores increasing 
from 2,260.18 to 4,573.51. This important growth 
rate of 102% provides a
strong indication for the
enhanced recognition and
influence of IS research.
While the overall productiv-
ity of IS research has
increased slightly, its impact
has doubled.

Figure 2. Average annual impact by region (y-axis: average impact).

REGIONAL ANALYSIS 

We limited our regional 
analysis to North America, 
Europe, and Asia, as they 
account for over 95% of 
the publications. As 
depicted in Figure 1, North American institutions
continuously dominated IS research in the last 
decade with an annual productivity level ranging 
from 423.25 to 572.89 and accounting for 58.2% to 
69.4% of the global productivity. It is worth noting 
that such results are somehow expected given that 
the selected journals are predominantly U.S.-based. 
Although North American productivity dropped 
during 1995-1997 by 19.4%, it picked up again 
gradually in 1998-2002 and in 2003 it experienced 
a sharp increase from 460.38 to 572.89. The annual 
productivity level of Europe remained relatively sta- 
ble, ranging from 136.83 to 184.95 and accounting 
for 18% to 24% of the IS research publications. The
biggest change occurred in Asia with its annual pro-
ductivity increasing from 50.71 (6% share) in 1995
to 149.67 (16.5% share) in 2004. Asia is bridging its
productivity gap with Europe with a growth rate of
65% over the last decade compared to 8% for both
North America and
Europe.

Figure 3. Annual productivity concentration rate by region (y-axis: concentration of top 20).

As for the overall
impact, North America
the first period (from 
374.54 in 1995 to 218.76 
in 1999) and a boost in the 
second (from 402.32 in 
2000 to 742.97 in 2004). 
The impacts of Asia and 
Europe, on the other hand, 
increased steadily. Consequently, the gap between 
North America and the other two regions decreased in 
the first period and sharply widened in the second. 
The overall impact of Europe increased from 68.5 in 
1995 to 242.42 in 2004, while that of Asia increased 
from 34.16 to 176.11. Interestingly, while Asia was 
able to bridge its productivity gap with Europe, it 
could not reduce the impact gap, which actually 
increased from 34.34 in 
1995 to 66.31 in 2004. 
The changes in overall 
impact are largely due to 
changes in productivity. 

To control for the pro- 
ductivity effects, we also 
examined the annual 
average impact ratios 
(average adjusted impact 
score for a single publica- 
tion). Figure 2 shows a 
small decrease in the first period (1995-1999) but a 
clear upward trend in the second (2000-2004). The 
average impact of Europe improved the most (from 
0.50 in 1995 to 1.39 in 2004) with an average annual 
growth rate of 13.9%, followed by North America 
with 11% (from 0.71 in 1995 to 1.38 in 2004), and 
Asia with 10% (from 0.67 in 1995 to 1.18 in 2004). 
In 2004 Europe’s impact (1.39) exceeded that of 
North America (1.38). Europe bridged its impact gap 
with North America. 

To examine the extent to which IS research pro- 
ductivity is evenly spread among academic institu- 
tions in different regions, we examined the regional 
concentration ratios (percentage of the output of top 
20 productive institutions). As indicated in Figure 3, 
North America and Europe have more or less similar 
concentration ranging from 29% to 44%, sharply
contrasting with that of Asia.
Although the concentration ratios
are slightly declining from 75% in
1995 to 60% in 2004, research in
Asia remains highly concentrated
with 20 institutions contributing
over 70% of the publications in
the last decade.

Table 1. Research productivity and impact of top 20 academic institutions.


INSTITUTIONAL ANALYSIS 

Table 1 presents the changes in 
the top 20 academic institutions 
from the first period (1995-1999) 
to the second (2000-2004) based 
on total productivity and impact. 
It is important to keep in mind 
the size factor in interpreting 
these results, as institutions with 
large IS faculty are more likely to 
have better scores. It is interesting 
to notice that the productivity 
rankings are different from the 
impact rankings and that three 
institutions in the top 20 produc- 
tivity list are not in the impact list 
in both periods. These results 
emphasize that productivity does 
not necessarily lead to impact and 
that both indicators must be con- 
sidered in evaluating an institu- 
tion’s research performance. 

The dominance of Massachusetts Institute of 
Technology is obvious. It is consistently ranked first, 
widening its lead in the second period for both pro- 
ductivity (over 50% higher than the second in line) 
and impact (almost 100% higher than number 2). 
Another interesting observation is the absence of 
European institutions in the top performers. Asian 
institutions, however, are becoming more competi- 
tive. The number of Asian universities listed in the 
top 20 increased from three in the first period to five 
in the second for productivity and from one to two 
for impact. These results are consistent with the high 
concentration ratios of Asia. Although the overall pro- 
ductivity of Asia is similar to that of Europe, fewer 
institutions are driving it. Asian institutions such as 
National University of Singapore and City University 
of Hong Kong are now among the top 10 in both 
productivity and impact. 

The emergence of Asian leaders is contributing 
further to the performance dynamism. A comparison 
of the two periods reveals important changes in rank- 
ings and in the composition of the top performers 
with seven new entrants for both productivity and 
impact. Although the composition of the top 20 aca- 
demic performers has considerably changed from the 
first period to the second one, it is still characterized 
by the absence of European institutions and the dom- 
inance of MIT. 

Several firms are actively conducting IS research. 
However, their relative contribution in the last decade 
was minimal, ranging from 4.1% to 5.8% of the total 
productivity and from 4.6% to 6.5% of the total 
impact. Table 2 presents the changes for both produc- 
tivity and impact in the top 10 industry performers 
from the first period to the second one. An analysis of 
the industry performers reveals similar patterns to the 
ones reported for academic institutions in terms of 
dominance, dynamism, and regional representation. 
One firm, IBM, is consistently dominating IS research. 
During the period of 2000-2004, its productivity is 
almost three times that of the second productivity per- 
former (Accenture) and its impact is more than double 
that of the second impact performer (Microsoft). A 
comparison of the two periods also reveals a very high 
level of dynamism with six new entrants in the top 10 
for productivity and seven for impact. 

As for regional representation, only one Asian firm 
and one European firm enter the 
current top 10 firms. An interest- 
ing observation about research 
done by the industry is that 
although the productivity of the 
top 10 firms is much smaller than 
that of the top 10 academic insti- 
tutions, their average impact is 
higher (1.64 vs. 1.25). Industry 
top performers publish fewer but 
higher-impact articles than their 
academic counterparts. 

Table 2. Research productivity and impact of top 10 firms. 


CONCLUSION 

In conclusion, we would like to 
highlight the modest growth of IS 
research productivity and the 
impressive improvement of its 
impact. While still dominated by 
North American institutions, 
there are signs of internationaliza- 
tion with Asia increasing its pro- 
ductivity and Europe enhancing 
its overall impact. The composition of the top per- 
formers is dynamic, but with consistent academic 
and industry leaders. The dynamism and interna- 
tionalization trends should contribute further to the 
enhancement of the IS research diversification and 
recognition. 


“MOST WIRED HOSPITALS” 
RATE PATIENT SATISFACTION 


Considering the role of IT as a variable in health care institution 
quality assessment. 


Information technology is one of the most significant tools currently available to improve 
health care quality and productivity. When it comes to IT, however, health care lags behind 
almost every other industry [9]. Although the health care industry does not lack for technol- 
ogy, major expenditures are limited to profit-making sectors such as surgery and treatment 
[6]. Other data-driven industries such as insurance or financial services budget more than 10 
percent of their finances for IT, whereas health care puts only two to three percent of its bud- 
get into IT. Along the same lines, private industry spends an average of about $7,000 per 
worker on IT hardware, software, and services, with banking approaching $15,000 a worker; 
health care averages about $3,000 annually per worker for IT [6]. 


This contrast in IT investment is important to 
note as it comes at a time when we are realizing 
that patients see real benefits from increased 
investment in technology. In fact, examinations 
into how users feel about technological applica- 
tions in health care indicate generally high levels of 
satisfaction as both patients and providers appreci- 
ate the convenience and efficiency that comes with 
new technologies. Videoconferencing consulta- 
tions between specialists and patients improve 
patient satisfaction by reducing burdens associated 
with travel and scheduling while promoting a feel- 
ing of involvement in the physical examination 
itself [11]. Store-and-forward consultations in 
record-driven fields such as dermatology lead to 
positive reviews from all parties involved (patients, 
referring physicians, and specialists) [12]. Even 
basic Internet searching for health information 
makes patients more likely to pose more informed 
questions to their doctors and to follow prescribed 
treatment regimens [4]. 

The possibility of increased patient satisfaction 
is an immense consideration for many institutions, 
especially for larger health care facilities that tend 
to have lower satisfaction ratings. The importance 
of measuring, improving, (and achieving) patient 
satisfaction has not always been a top priority for 
health care institutions. Whereas in the past, 
patient satisfaction was not necessarily seen as 
related to institutional success, today it is recog- 
nized that quality of care, customer satisfaction, 
and financial outcomes are all interrelated. Higher 
patient satisfaction can help retain a customer base, 
increase physician loyalty, bring more patients, 
raise employee satisfaction and retention, cut costs, 
and reduce length of stay [3]. 

On the other hand, patient dissatisfaction is 
associated with a significant decrease in revenue for 
the health care organization [5]. In light of this sit- 
uation, Press Ganey, the largest health care satisfac- 
tion measurement firm in the U.S., aims to 
provide one of the largest pools of comparative 
data in the nation [7]. This allows hospitals to not 
only measure and compare patient satisfaction 
scores, but also to identify areas that are lacking 
and improve upon them. 

Given the ever-growing standards and recogni- 
tion of satisfaction research, the current environ- 
ment is ripe for new and more detailed 
investigations into the antecedents of patient satis- 
faction. More specifically, a pressing question 
remains to be explored in the realm of health care 
satisfaction research: Are hospitals that invest more 
heavily in health IT more likely to achieve higher 
patient satisfaction? A growing 
number of examples seem to 
point strongly in this direction. 

Overall, evidence is continually 
mounting that there is something 
special about health care organiza- 
tions that invest in IT (hospitals 
that are “wired”). This project 
seeks to further investigate the 
relationship between investment 
in health IT and patient satisfac- 
tion in the hospital context 
through analysis of patient satis- 
faction data for hospitals with val- 
idated Press Ganey satisfaction 
survey [7] data that was included 
in the 2005 Hospitals & Health 
Networks annual list of the “100 
most wired hospitals and health 
systems.” Specifically, we sought 
to test the following hypotheses: 

H1: Patients from the Most 
Wired Hospitals would report 
higher satisfaction scores regard- 
ing the overall experience in the 
hospital. 

H2: Patients from the Most 
Wired Hospitals would report higher satisfaction 
regarding specific aspects of their hospital experience, 
including: H2a: Their admission process and experi- 
ence; H2b: Their experiences with hospital-based 
nurses; H2c: Items related to tests and treatments 
within the hospital; H2d: Their experience with physi- 
cians during their hospitalization; H2e: Their dis- 
charge experience; H2f: Personal issues such as 
sensitivity and pain control. 

H3: Status as a most wired hospital would more 
accurately predict higher patient satisfaction than spe- 
cific demographic characteristics of the hospitals such 
as number of patient beds, case mix, number of critical 
days, payer mix, community size, total number of full- 
time equivalents, and services provided. 

This work is based in part on the revisitation of a 
theoretical proposition developed almost 30 years ago. 
Ben-Sira offered a revised model of social interaction 
regarding relationships in the health context whereby 
the mode of an interaction may equal or supersede the 
actual content [1]. Specifically, Ben-Sira suggested that 
a client’s satisfaction may indeed be a consequence of 
the mode of a professional’s response. He argues that an 
emotional involvement in treatment, a lack of detailed 
medical knowledge, and an ability to connect treat- 
ments to healing will lead patients to judge medical 
providers on the basis of the physician's behavior 
toward the patient [2]. Thus, high levels of socio-emo- 
tional behavior on the part of the provider can promote 
patient satisfaction, self-disclosure, and trust [10]. We 
seek to update this theory to allow mode to encompass 
the use of information technologies to facilitate com- 
munication-related activities in the health setting. 
With this in mind, we sought to test whether most 
wired hospital patients report higher levels of satisfac- 
tion related to the inpatient experience. 

Table 1. Evaluation criteria for most wired evaluation. 

Business Processes 
* Automate the supply chain 
* Automate patient eligibility and financial transactions with insurance companies and other payers 
* Automate the business office and financial operations 

Customer Service 
* Improve the efficiency of administrative services to patients such as pre-registration 
* Assist patients in researching and tracking their own conditions 
* Provide the general public with health information and resources to improve their health 

Safety and Quality 
* Reduce errors in prescribing and ordering medications 
* Reduce errors in the administration of medications 
* Improve clinical decision making by providing physicians and clinicians with access to electronic health record for their patients 
* Improve clinical decision making by providing real-time clinical alerts to assist physicians and other clinicians at the point of care 
* Reduce adverse events by electronically monitoring patients and using surveillance systems to alert … and other clinicians about changes in a patient's condition 

Work Force 
* … recruitment, selection, and training of qualified personnel 
* …tensive training and support to physicians and other clinicians on information systems 
* …rce management tools to ensure adequate staffing and measure staff performance 

Public Health and Safety 
* … wide range of security technologies to safeguard confidential patient information 
* … pilot programs or offer patients some form of a Web-based personal health record 
* Participate in local, regional, and national cooperatives to share health information 
* Use evidence-based standards to monitor and improve the hospital’s performance on specific clinical practices 

Source: Hospitals & Health Networks' Most Wired Survey and Benchmarking Study (see www.usnews.com/usnews/health/articles/050722/wired.criteria.htm). 


METHODOLOGY 
During the time of data collection for this study (inpa- 
tient surveys received between Jan. 1, 2004 and Sept. 1, 
2005), Press Ganey collected patient satisfaction surveys 
for 1,382 hospitals in the U.S. Specifically, standardized 
questionnaires were mailed shortly after discharge to 
patients hospitalized in an acute care hospital. This pro- 
cedure yielded over three million survey responses from 
patients discharged from 1,382 hospitals nationwide. 
In 2005, Hospitals & Health Networks magazine pub- 
lished its list of the 100 most wired hospitals in the U.S.¹ 
The annual Hospitals & Health Networks Most Wired 
Survey and Benchmarking Study asks hospitals via an 
eight-page survey to self-report on their use of IT in five 
key areas: business processes, customer service, safety 
and quality, work force, and public health and safety. 
(See Table 1 for evaluation criteria.) Hospitals & Health 
Networks then reviews the results of the proprietary sur- 
vey and evaluates the hospitals to determine which hos- 
pitals have the highest performance. Top-scoring hospi- 
tals are published in the Top 100 list (actual scores and 
scoring criteria are not included with the published list); 
42 of these Top 100 most wired hospitals are Press 
Ganey clients. Therefore, patient satisfaction scores were 
compared between the two groups, the 42 hospitals 
included on the most wired list and the 1,340 not 
included on the list, referred to as “other” in this article. 

¹See www.hhnmag.com/hhnmag/jsp/articledisplay.jsp?dcrpath= HHNMAG/Pubs 
NewsArticle/data/backup/0507 HHN_CoverStory_WinnersList&domain=HHMAG. 

The Press Ganey Inpatient Survey was first devel- 
oped in 1987 and has undergone rigorous validation 
testing. The conceptual model behind the ratings is 
real-world-based in that it derives from typical 
experiences a patient may actually encounter during a 
hospital stay. Events that occur (admission, meals, 
tests or treatments, discharge); personnel encounters 
(nurses, physicians, and technical staff); the physical 
surroundings (room and hospital) and the interpersonal 
aspects of the stay are seen as important contributors 
to the patient's total experience. They are also 
believed to be reflections of the quality of the medical 
care delivered and received. 

The survey includes 49 standard questions asked by 
all organizations that are organized into 10 sections or 
sub-scales including: Admission, Room, Diet and 
Meals, Nursing, Tests and Treatment, Visitors and 
Family, Physician, Discharge, Personal Issues, and 
Overall Assessment. Within each section, respondents 
are asked to evaluate a set of attributes that relate to that 
conceptual area. Responses are coded on a Likert-type 
scale from 1-5 (1=Very Poor, 2=Poor, 3=Fair, 4=Good, 
and 5=Very Good). Scores are linearly transformed to a 
0-100 scale for ease of interpretation. Cronbach 
alphas indicating the reliability of the subscales range 
between 0.78 and 0.95. Reliability for the entire instru- 
ment is 0.95. Factor analysis supports the construct 
areas measured by each of the subscales. More informa- 
tion about the psychometric properties of the Press 
Ganey Inpatient Survey can be obtained from the 
authors. 

Table 2. Global satisfaction results. 
[Bar chart not reproduced. Rows: Overall Mean Score; Overall Assessment Section *; Overall cheerfulness of the hospital *; How well staff worked together to care for you; Likelihood of your recommending this hospital to others *; Overall rating of care given at hospital.] 
* Asterisks denote comparisons in which equal variances were assumed following the use of Levene's test for equality of variances. 
All other comparisons report results where equal variances were not assumed and the Welch correction for degrees of freedom 
was applied. 
Note: Darker bars (shaded in blue) denote significant differences. Lighter bars (shaded in yellow) reflect non-significant findings. 

Independent samples t-tests were performed to com- 
pare the satisfaction scores between the most wired hos- 
pitals and the rest. Patient-level satisfaction survey 
responses were first aggregated at the facility level to cre- 
ate the two distributions for comparison. The 42 hos- 
pital-level mean scores (comprising those hospitals 
from the Most Wired list) were used to create the mean 
for ‘Most Wired Hospitals’. Similarly, the 1,340 hospi- 
tal-level mean scores for facilities not on the most wired 
list were used to create the mean for the ‘Other Hospi- 
tals’ group. 

The standard parametric t-test requires the assump- 
tion that variances are homogeneous between the two 
groups being compared. When this assumption is met, 
a pooled variance estimate is used to calculate t. When 
variances are not equal, the t statistic is calculated using 
separate variance estimates. Additionally, the Welch 
correction for degrees of freedom is applied when using 
the t designed for unequal variances. In each compari- 
son reported, Levene’s test for the equality of variance 
was performed first to determine if the pooled variance 
or separate variance results should be reported. See 
Tables 2 and 3 for notation as to which results assumed 
equal variances per the results of the Levene’s test. 
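
The variance handling described above explains the degrees of freedom quoted in the Results: a pooled test on 42 and 1,340 hospitals has 42 + 1,340 - 2 = 1,380 degrees of freedom, while the Welch correction yields a fractional value close to the size of the smaller group. The Python sketch below is an added example, not the authors' analysis code; the hospital-level scores are constructed, the function names are hypothetical, and the mean-centred form of Levene's test is an assumption because the article does not say which variant was used.

```python
import math
from statistics import mean, stdev


def _betacf(a, b, x):
    """Continued fraction for the incomplete beta function (modified Lentz)."""
    tiny = 1e-300
    c = 1.0
    d = 1.0 - (a + b) * x / (a + 1.0)
    d = 1.0 / (d if abs(d) > tiny else tiny)
    h = d
    for m in range(1, 300):
        even = m * (b - m) * x / ((a + 2 * m - 1) * (a + 2 * m))
        odd = -(a + m) * (a + b + m) * x / ((a + 2 * m) * (a + 2 * m + 1))
        for term in (even, odd):
            d = 1.0 + term * d
            d = 1.0 / (d if abs(d) > tiny else tiny)
            c = 1.0 + term / c
            c = c if abs(c) > tiny else tiny
            h *= d * c
        if abs(d * c - 1.0) < 1e-14:
            break
    return h


def reg_inc_beta(a, b, x):
    """Regularized incomplete beta function I_x(a, b)."""
    if x <= 0.0:
        return 0.0
    if x >= 1.0:
        return 1.0
    front = math.exp(math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b)
                     + a * math.log(x) + b * math.log1p(-x))
    if x < (a + 1.0) / (a + b + 2.0):
        return front * _betacf(a, b, x) / a
    return 1.0 - front * _betacf(b, a, 1.0 - x) / b


def two_sided_p(t, df):
    """Two-sided p-value of Student's t; df may be fractional (Welch)."""
    return reg_inc_beta(df / 2.0, 0.5, df / (df + t * t))


def pooled_t(n1, m1, s1, n2, m2, s2):
    """Equal-variance t: one pooled variance estimate, df = n1 + n2 - 2."""
    df = n1 + n2 - 2
    sp2 = ((n1 - 1) * s1 ** 2 + (n2 - 1) * s2 ** 2) / df
    return (m1 - m2) / math.sqrt(sp2 * (1 / n1 + 1 / n2)), df


def welch_t(n1, m1, s1, n2, m2, s2):
    """Separate-variance t with the Welch-Satterthwaite degrees of freedom."""
    v1, v2 = s1 ** 2 / n1, s2 ** 2 / n2
    df = (v1 + v2) ** 2 / (v1 ** 2 / (n1 - 1) + v2 ** 2 / (n2 - 1))
    return (m1 - m2) / math.sqrt(v1 + v2), df


def summary(xs):
    """(n, mean, standard deviation) of one group."""
    return len(xs), mean(xs), stdev(xs)


def levene_p(a, b):
    """Mean-centred Levene test. For two groups its F(1, N-2) statistic is
    the square of the pooled t computed on |x - group mean|."""
    ma, mb = mean(a), mean(b)
    za = [abs(x - ma) for x in a]
    zb = [abs(x - mb) for x in b]
    t, df = pooled_t(*summary(za), *summary(zb))
    return two_sided_p(t, df)


def compare(a, b, alpha=0.05):
    """Run Levene's test first, then report the pooled or the Welch result."""
    equal = levene_p(a, b) >= alpha
    t, df = (pooled_t if equal else welch_t)(*summary(a), *summary(b))
    return {"method": "pooled" if equal else "welch",
            "t": t, "df": df, "p": two_sided_p(t, df)}


def grid(lo, hi, n):
    """Constructed data: n evenly spaced hospital-level mean scores."""
    return [lo + (hi - lo) * i / (n - 1) for i in range(n)]


# Constructed groups with the article's group sizes (42 and 1,340).
WIRED = grid(80.0, 90.0, 42)
OTHER_SAME_SPREAD = grid(79.0, 89.0, 1340)    # similar variance
OTHER_WIDER_SPREAD = grid(70.0, 98.0, 1340)   # clearly larger variance

if __name__ == "__main__":
    for label, other in (("same spread", OTHER_SAME_SPREAD),
                         ("wider spread", OTHER_WIDER_SPREAD)):
        r = compare(WIRED, other)
        print(f"{label}: {r['method']} t={r['t']:.3f} df={r['df']:.2f} p={r['p']:.3f}")
    # p-values recomputed from the t and df pairs quoted in the Results
    print(round(two_sided_p(2.116, 45.72), 3), round(two_sided_p(2.242, 1380), 3))
```
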


RESULTS 

Data from the surveys revealed there were significant 
differences in satisfaction-related issues for clients at the 
most wired hospitals. These differences were demon- 
strated for overall satisfaction, as well as for specific 
aspects of the hospital experience. 

First, the data demonstrated consistent support for 
the first hypothesis that patients receiving care at the 
most wired hospitals would report higher global satis- 
faction scores. The measure contains several indicators 
of global satisfaction including a composite overall per- 
formance score, a subscale addressing the patient’s over- 
all assessment of the care experience, as well as four 
individual questions geared to global outcome mea- 
sures. In each case, the most wired hospitals fared bet- 
ter (see Table 2). Notably, wired hospitals scored 0.76 
points higher on the composite overall performance 
score (t=2.116, df=45.72, p=0.040). 

A similar pattern of more positive performance was 
found when looking at the overall assessment subscale 
of the measurement tool which was 1.24 points higher 
for the most wired group (t=2.242, df=1380, p=0.025). 
The overall assessment subscale that appears at the con- 
clusion of the questionnaire asks the respondent to con- 
sider their experience from a broad view and evaluate 
the overall cheerfulness of the hospital, how well staff 
worked together to care for the 
patient, likelihood of recommend- 
ing the hospital to others and the 
overall rating of care given at the 
hospital. Three of the four indi- 
vidual items that address global 
evaluations of the hospital were 
also significantly higher for the 
most wired group. The most 
wired hospital group was higher in 
patient evaluations of overall rat- 
ing of care (+1.24 (t=2.340, 
df=1380, p=0.019)); likelihood of 
recommending (+1.96 (t=3.049, 
df=1380, p=0.002)); and coordina- 
tion of care (+0.81 (t=2.183, 
df=46.06, p=0.034)). There was 
no significant difference between 
the two groups in respect to over- 
all cheerfulness of the hospital. 
Statistical comparisons regard- 
ing specific aspects of patients’ 
hospital experiences were also con- 
ducted (see Table 3). The hypoth- 
esis that patients from the most 
wired hospitals would rate their 
satisfaction as higher with the 
admission process and experience 
was supported. At the subscale 
level, wired hospitals scored 1.52 
points higher (t=3.524, df=45, 
p=0.001), which was a statistically 
significant difference. At the indi- 
vidual item level, all three individ- 
ual items were significantly 
different. Specifically, wired hospi- 
tal patients reported higher scores 
for the speed of admission (+1.98 
(t=3.969, df=44.89, p=0.001)), 
courtesy of admission staff 
(+1.05 (t=3.244, df=45.3, 
p=0.002)), and the pre-admis- 
sion process (+1.43 (t=2.509, 
df=1375, p=0.012)). However, 
the hypothesis that patients at 
the wired hospitals would view 
the experience of hospital dis- 
charge in a manner that was sta- 
tistically more favorable was not supported at the 
subscale level or for any of the four individual items 
within this subscale. 

Table 3. Satisfaction results for specific aspects of care. 
* Asterisks denote comparisons in which equal variances were assumed following the use of Levene's test for equality of variances. 
All other comparisons report results where equal variances were not assumed and the Welch correction for degrees of freedom 
was applied. 
Note: Darker bars (shaded in blue) denote significant differences. Lighter bars (shaded in yellow) reflect non-significant findings. 

In regard to satisfaction with health providers, 
patients in the most wired hospitals did report statisti- 
cally reliably higher satisfaction levels with physicians 
in general. At the subscale level, the most wired hospi- 
tals scored 0.80 points higher (t=2.420, df=45.86, 
p=0.02) than the other group. At the individual item 
level, three out of five items had significant differences 
between the two groups. Specifically, wired hospitals’ 
patients were more satisfied with physician’s concern 
with their questions/worries (+0.75 (t=2.158, 
df=45.89, p=0.036)); friendliness/courtesy (+0.74 
(t=2.663, df=46.29, p=0.011)); and skill of physician 
(+1.27 (t=3.484, df=1379, p=0.001)). Yet, patients 
from the most wired hospitals did not report statisti- 
cally higher satisfaction scores regarding their experi- 
ences with hospital-based nurses in general at the 
subscale level. However, at the item level, patients at the 
most wired hospitals did report higher satisfaction 
related to nurses for two of the six items. Most wired 
hospital patients reported significantly higher satisfac- 
tion with nurses’ attitude to patient requests (+0.65 
(t=2.178, df=48.94, p=0.034)) and skill of nurses 
(+0.57 (t=2.128, df=47.8, p=0.039)). 

The hypothesis that patients from the most wired 
hospitals would view care more favorably related to the 
personal issues such as sensitivity and pain control did 
prove to be supported. At the subscale level, wired hos- 
pitals scored 0.89 points higher than the other group 
(t=2.431, df=46.37, p=0.019). At the individual item 
level, two out of six items were significantly different, 
with wired hospitals scoring higher in both cases: staff 
sensitivity to patient’s inconvenience (+1.00 (t=2.469, 
df=45.91, p=0.017)), and pain control (+0.83 
(t=2.981, df=46.32, p=0.005)). 

Most wired hospital patients did not report higher 
satisfaction with tests and treatments at the subscale 
level. At the item level regarding tests and treatments, 
only one of the seven items was significantly different 
in favor of the wired hospitals. Specifically, most wired 
hospitals’ patients were more satisfied with the explana- 
tions received regarding medical tests and treatments 
(+0.83 (t=2.596, df=45.28, p=0.013)). 

Finally, status as a most wired hospital proved to be 
an important variable in more accurately predicting 
higher patient satisfaction than specific demographic 
characteristics of hospitals. In general, smaller hospitals 
tend to have higher patient satisfaction scores than the 
larger hospitals in the Press Ganey Inpatient Database. 
The Pearson Correlation between hospital bed size and 
the overall patient satisfaction score is -0.321 
(p<0.000). Average bed size of the most wired hospital 
group in our analysis is 543, and the average bed size for 
the other group is 260. However, patients treated at the 
most wired hospital group were significantly more sat- 
isfied than those treated at other hospitals (t=2.116, 
df=45.72, p=0.04). 

Hospitals with higher Case Mix Indices (that is, hav- 
ing sicker patients) tend to score lower in patient satis- 
faction than do hospitals with lower Case Mix Indices. 
Overall, the Case Mix Index for the most wired hospi- 
tal group was 359 versus 144 for the other group (with 
a higher case mix index indicating a sicker population 
of patients). Yet, patients from the most wired hospitals 
reported significantly higher levels of satisfaction. 

Teaching hospitals (Council of Teaching Hospitals 
(COTH) members) have lower overall patient satisfac- 
tion than the non-members (82.3 vs. 84.3) in the Press 


Ganey Inpatient Database. In this study, most wired 
hospitals were more likely to be COTH members 
(44.8% vs. 13.5%), but nevertheless demonstrated 
higher patient satisfaction results. A similar relationship 
holds for non-COTH member teaching hospitals: 
non-members score significantly higher in patient satis- 
faction (84.5 vs. 82.9). In this study, most wired hospi- 
tals were more likely to be teaching hospitals (52% vs. 
27.5%), yet these most wired hospitals demonstrated 
higher levels of patient satisfaction. 

Finally, when examining a number of miscellaneous 
hospital demographics (the hospitals’ community type 
and size, UHC membership, presence of medical resi- 
dents in the hospital, types of services provided) we 
again found that most wired hospital status is a better 
predictor of higher patient satisfaction than any other 
hospital demographic variable. 

In summary, analysis from this study found that 
patients from the most wired hospital group report 
higher levels of overall satisfaction than do patients 
from the other group of hospitals. Patients from the 
most wired hospitals also reported higher satisfaction 
related to the admission process, their experiences with 
physicians, and personal issues such as sensitivity and 
pain. However, there was no difference in general satis- 
faction scores between the two groups for experiences 
with nurses, the discharge process and tests and treat- 
ments (though there were a handful of individual items 
for these three areas where most wired patients reported 
higher satisfaction with no items where the other group 
reported statistically higher satisfaction). Finally, higher 
satisfaction scores were associated with most wired hos- 
pital status more so than for any specific demographic 
variable tested. 


DISCUSSION 

The results from this study are important and thought 
provoking for a variety of reasons. Health care organi- 
zations, often non-profit, are faced with challenging 
resource allocation. Administrators must make difficult 
decisions regarding investment in IT in lieu of other 
critical resources such as personnel or capital equip- 
ment. Often, administrators are pressured to allocate 
resources in ways that demonstrate immediate, short- 
term benefits. Yet, the results of this study suggest that 
among the longer-term benefits of IT investment in 
hospitals may actually be issues related to patient satis- 
faction. This data suggests IT enhancements don’t just 
affect the way health care professionals work, they also 
affect the way patients receive and perceive their care. 
As we move toward a new paradigm of health delivery 
necessitated by public and private desires to contain 
health costs, we are moving to a world where many 
patients will be more knowledgeable about managing 
health care, better informed about the benefits, risks, 
costs and alternatives for treatments, more technologi- 
cally savvy, and more engaged in decision making with 
providers. As a result, hospitals will need strong IT 
infrastructure and tools to meet the increasing expecta- 
tions of these more sophisticated consumers. 

Patient satisfaction is a phenomenon determined by 
expectations and values. These values are important 
antecedents for patient satisfaction as we ask them to 
evaluate their care based on what they want and expect 
from health care providers. In general, patient satisfac- 
tion is an evaluative summary of whether a patient likes 
or dislikes health care services. Raftopoulos explained 
that patients evaluate care as functions of cognitive 
(beliefs, expectations and perceptions), affect (feelings) 
and behavioral intentions (aspirations and expected 
responses to care provided) [8]. This means that patient 
satisfaction is a dynamic process determined by the way 
a patient thinks, observes, and acts. Therefore, patient 
satisfaction is an attitude based on the way a patient 
conceives the phenomenon of a health care experience 
while in the hospital. Patients live in a world where IT 
and its associated services and benefits abound in 
almost every sector ranging from banking, entertain- 
ment, and communicating with friends and colleagues. 
It should not be surprising that many of these patients 
express greater satisfaction in hospitals that also employ 
IT in significant ways. 

This study represents a simple first step to determine 
if there is merit in further assessing IT as an antecedent 
for patient satisfaction. The study is not without its 
limitations. For example, we do not know the level of 
IT investment in the hospitals included within the 
other category. There may well be additional explana- 
tory variables that better explain these differences in 
patient satisfaction. For example, perhaps most wired 
hospitals inherently possess an innovative and radical 
culture that permeates all levels of care. Yet, the data in 
this study repeatedly pointed to instances where 
patients from the most wired hospitals were more sat- 
isfied even in those cases where demographic variables 
such as hospital size always seem to outweigh other 
impacts. Also worth noting is that even though there 
were variables with non-significant results in satisfac- 
tion ratings, there was not one single statistical test 
where the non-wired hospital patients expressed higher 
satisfaction than those in the most wired hospitals. 

We were fortunate to have a large amount of stan- 
dardized satisfaction data to explore for this study. The 
existence of a centralized data bank of validated satis- 
faction results through Press Ganey permits unique and 
innovative comparisons across hospitals. This study 
suggests IT may be an important antecedent for patient 
satisfaction. It is a first step that validates the need for 
significant future study to better explain this potential. 
Future work needs to differentiate between the myriad 
of IT solutions to clarify if some play a more important 
role in leading to enhanced satisfaction. 

Patient satisfaction has emerged as a vital indicator 
of the quality of medical care, as well as a significant 
determinant in decisions regarding future health 
providers. IT investment may well emerge as a strategy 
to better meet the needs of an evolving hospital patient 
demographic, ultimately resulting in a hospital’s ability 
to ensure its competitive position. 

Dongseo University 
Full time faculty of 
digital content division 
The Division of Digital Content invites 
applications for a contract base faculty positions 
beginning Mar 2008. Rank and salary com- 
mensurate with experience. Applicants with 
significant computer graphics experience are 
particularly encouraged to apply. We are espe- 
cially interested in candidates who can con- 
tribute to our software engineering expertise in 
one or more of the following areas: character 
animation, motion capture, software project 
management. Working on a small team, you 
will participate in all aspect of the develop- 
ment process within the division and work in 
close conjunction with the project team head. 

Dongseo University is a highly selective, 
coeducational, primarily university of digital 
visual content such as animation, movie, game 
with a vision to be the best institution of its 
kind in the world 

Ongoing professional development is expected 
of all faculty so that their teaching continues to be 
outstanding. A Ph.D. in computer graphics or a 
closely related field is required. Detailed informa- 
tion is available from: Eeljin Chae, Professor and 
the head of IT foreign faculty program, division of 
digital content, Dongseo University, Churye 2 
dong, Sasanggu, Busan, Korea. Phone: 82-10-5596-1975. 
Web: http://www.dongseo.ac.kr. 
Applicants should submit a cover letter, a resume, 
a career certification, copies of graduate school 
transcripts, an original copy of diploma and three 
letters of recommendation or any inquiries to 
email: dksns@gdsu.dongseo.ac.kr. 


employer does not discriminate on the basis of age, color,ra 
of America as it is of other countries. « Thus ACM policy requires each advertising employer t 
age in the employer's country is not considered discriminatory under this policy.) 
« ACM provides notices of positions available as a service to the entire membership. ACM recognizes that from time to time there may be some 
recruitment advertising that may be applicable to a small subset of the membership, and that this advertising may be inherently discriminatory. ACM 


does not necessarily endorse this advertising, but recognizes the membership has a right to be informed of such c 


Heuristic System 
LAMP/ Perl Programmer 
Heuristic System is looking for an experienced 
LAMP/Perl programmer to play a key role in 
the design, development, and coding of our 
unique software. Must have experience with Red 
Hat, Postfix and sourcing tools such as GIT, 
SVN, or CVS. We offer a Competitive Salary, 
Benefits Package, and Bonus Program. Please 
send your resumes to jobs@heuristicsystem.net 


Jackson State University 
Department of Computer Science 
Faculty Position 
The Department of Computer Science invites 
applications for a tenured or tenure-track 
appointment at a rank commensurate with 
qualifications and experience to begin in 
August 2008. Candidates at all ranks will be 
considered. Applicants must have a Ph.D. (by 
the time of appointment) in Computer 
Science or a closely related discipline, and a 
strong commitment to excellence in teaching, 
research, and service. The successful candidate 
will be expected to demonstrate excellent 
teaching performance, establish a strong 
externally-funded research program, establish 
collaborations, demonstrate strong communi- 
cation skills, and contribute to professional 
and public service. Candidates for the senior 
ranks must have an excellent record of 
professional accomplishments. 

Responsibilities include: teaching and 
developing undergraduate and graduate 
courses; supervising graduate and undergraduate 
student research; developing and directing 
a funded research program; publishing 
research results in journals and conferences; 
and in university, professional, and public 
service. Applicants in all research areas are 
encouraged to apply. 

ACM POLICY ON NONDISCRIMINATORY ADVERTISING ACM accepts recruitment advertising under the basic premise the advertising 
ce, religion, gender, sexual preference, or national origin. ACM recognizes, however, that 
tencies, or contradictions. This is true of laws in the United States 
© state explicitly in the advertisement any employer 

Jackson State University is an urban uni- 
versity located in Jackson, Mississippi, the 
capital city and a metropolitan area with a 
population of approximately 500,000. The 
department has 15 faculty members and offers 
both the BS and MS degrees in Computer 
Science, with approximately 150 undergradu- 
ate and 75 graduate students. Current faculty 
research interests include high performance 
computing, graphics and visualization, recon- 
figurable computing, computer networks, 
computer security, and information and intel- 
ligent systems. Research activities and experi- 
mental laboratory facilities in the department 
have received high levels of support from var- 
ious federal research and infrastructure grants 
and contracts. 

Applicants should send a letter of applica- 
tion, a curriculum vita, official transcripts, a 
brief statement of research and teaching inter- 
ests and arrange for three letters of reference to 
be sent to: Faculty Search Committee, 
Department of Computer Science, Jackson 
State University, P. O. Box 18839, Jackson, 
MS 39217-1039, cscsearch@jsums.edu. 

Application review begins immediately and 
will continue until the positions are filled. 
Jackson State University is an Equal 
Opportunity/Affirmative Action Employer. 
Minorities, women, and persons with disabil- 
ities are encouraged to apply. 


areer opportunities. 
Jamestown Community College 
Instructor 

Jamestown Community College is a compre- 
hensive community college with degree grant- 
ing campuses in Jamestown and Olean in 
southwestern New York State. A full-time, 
tenure-line faculty position in computer science 
on the Cattaraugus County Campus in Olean, 
NY. Required: Bachelor's degree in computer 
science or related field, object oriented pro- 
gramming experience, and ability to teach a 
wide range of computer science courses. Please 
send cover letter, resume, college transcripts, 
and references to humanresources@mail.sunyjcc.edu. 
For more information about JCC visit 
our website at http://www.sunyjcc.edu/. 


Milwaukee School of 
Engineering 
Software Engineering 
Milwaukee School of Engineering 

(MSOE) Software Engineering 
The Milwaukee School of Engineering invites 
applications for a full-time open rank faculty 
position in its software engineering program. 
Applicants must have an earned doctorate degree 
in software engineering, computer engineering, 
computer science or closely related field, as well 
as relevant experience in engineering practice. 

The successful candidate must be able to 
contribute in several areas of software engi- 
neering process and practice while providing 
leadership in one of the following: human- 
computer interaction, computer security, 
computer gaming, software architecture and 
design, and software process. 

MSOE expects and rewards a strong pri- 
mary commitment to excellence in teaching at 
the undergraduate level. Continued profes- 
sional development is also expected. 

Our ABET accredited undergraduate soft- 
ware engineering program had its first gradu- 
ates in spring 2002. Founded in 1903, MSOE 
is a private, application-oriented university 
with programs in engineering, business, and 
nursing. MSOE's 15 acre campus is located in 
downtown Milwaukee, in close proximity to 
the Theatre District and Lake Michigan. Please 
visit our website at http://www.msoe.edu/. 

Submit all application material via email in 
pdf format to se.search@msoe.edu. Applicants 
should include a letter of application, 
curriculum vitae, statement of teaching interests, and 
names (with email and physical addresses) of 
at least three references. 


MSOE is an EEO/AA Employer 


Murex North America 
Technical Consultant — Integration 
Integration analysts & consultants work with our 
clients throughout the whole life cycle: Pre-sale, 
implementation, updates and assistance. Must 
have a good background in CS, Engg. or related. 
Proficiency in Java, C++ or other OOP required. 


National University of 
Singapore 
Tenure-track Faculty Positions 
The Computer Science Department of the 
National University of Singapore is looking to 
add to its tenure-track faculty at all ranks. 
While we encourage strong candidates from 
all areas to apply, we are particularly interest- 
ed in the following areas: 
• Human-Computer Interfaces (HCI)/ 
Interactive Media Design 
• Computer Security 
• Computational Biology 
SRM University is a private University that offers undergraduate and graduate 
programs in Engineering, Medicine, Dentistry, Para-medical sciences, Arts and 
Humanities. 


As part of our University's globalization efforts, we are in search of Deans, 
Professors at various levels in the College of Engineering. Faculty duties 
include teaching at graduate and undergraduate levels, research and 
supervision of student research. Candidates with an active interest and 
background in all areas of Engineering such as Electrical Engineering, 
Electronics Engineering and Computer Engineering will be considered. 


We are soliciting professors at various levels who can relocate, preferably for 
at least 2-3 years. Professors who can stay for at least 6 months in India and 
teach a course for a semester are also encouraged to apply. The positions are 
open to competent professors from the International academia with vast 
experience in academics and research. NRI professors from other countries 
who wish to work in India for a period of 6 months to 3 years are welcome to 
submit their applications. Suitable work visas will be arranged by us wherever 
necessary. Remuneration will be commensurate with international standards 
and will not be a constraint for candidates who have excelled in their chosen 
academic fields. 

Interested candidates may send their latest resume to registrar@srmuniv.ac.in 


UNIVERSITY 


(Under section 3 of UGC Act 1956) 
NUS is a research university, with low teaching 
loads, excellent facilities, ample research 
funding and support for conference travel. The 
Computer Science Department consists of 
active and talented faculty members working 
in a variety of areas. Its student body includes 
some of the best in the region. It offers undergraduate 
programs in computer science and 
computer engineering and a graduate program 
awarding Masters and PhD degrees. Salary and 
benefits are competitive with the top universities 
around the world. We seek people with 
excellent potential/achievements in both 
research and teaching. Interested candidates are 
requested to send the following materials to 
csrec@comp.nus.edu.sg: 

• Curriculum Vitae 
• Research Statement 
• Teaching Statement 
• Names of at least three referees 

The interview visits for selected candidates will take 
place during September-October and 
February-March. We also seek committed 
teachers for our teaching track positions. We 
are particularly interested in people with 
expertise in teaching HCI and Computer 
Security courses. 


Penn State University 
Assistant Professor 

Penn State Hazleton invites applications for a 
faculty position in Information Sciences and 
Technology (tenure track Assistant Professor 
preferred; willing to consider multi-year 
appointment; 36 weeks). Begin August 2008. 
Teach in areas such as networking, systems 
analysis, and systems integration using tradi- 
tional and blended delivery modes; publish in 
refereed journals; engage in service activities. 
Ph.D. in Information Science is required. To 
learn more about the campus, visit 
http://www.psu.edu/ur/cmpcoll.html. To learn 
about the position and how to apply, visit 
http://www.psu.jobs/Opportunities/Opportunities.html 
and follow the “Faculty” link. 


AA/EOE 


Saint Anselm College - 
Computer Science 
Assistant Professor 
Saint Anselm College invites applications for 
an assistant professorship in computer science. 
This is a one-year position (renewable up to 3 
years) to start in August 2008. Ph.D. required 
(will consider ABD). Duties include teaching 
a variety of undergraduate computer science 
courses and advising students. A commitment 
to excellence in teaching is paramount. 
Candidates must be supportive of the mission 
of this Catholic College. Saint Anselm College 
is committed by its mission to actively building 
a diverse academic community that fosters 
an inclusive environment. It therefore encour- 
ages a broad spectrum of candidates to apply. 
Applications will be accepted until the posi- 
tion is filled. 

Applicants should send a letter of applica- 
tion, a curriculum vita, and contact informa- 
tion for three references to: 

Professor Carol Traynor 

Chair, Department of Computer Science 
Saint Anselm College 

Box 1658 

100 Saint Anselm Drive 

Manchester, NH 03102-1310 

{Phone: (603) 656-6021} 


{E-mail: ctraynor@anselm.edu} 


The Catholic University 
of America 
Washington D.C. 20064 
Tenure-Track Position 
Assistant/Associate Professor in Computer 
Engineering/Science 

The Department of Electrical Engineering 
and Computer Science of The Catholic 
University of America (CUA), invites applications 
for a tenure-track assistant/associate professor 
position in Computer Engineering/ 
Science beginning September 2008, or as soon 
as possible thereafter. All areas of research 
related to Computer Engineering/ Science will 
be considered. Applicants should hold a doc- 
toral degree in computer engineering/science. 
We are seeking applicants with a strong com- 
mitment to undergraduate education and 
scholarly research. For appointment at the 
rank of associate professor, the candidate must 
show evidence of established research program 
capable of attracting external research fund- 
ing. CUA is a selective undergraduate and 
graduate institution having programs leading 
to bachelors, masters and doctoral level 
degrees. Candidates should send curriculum 
vitae, statement of career objectives, and 
names of at least three references to: 

Professor Philip Regalia, Chair, Search 

Committee, 
Department of Electrical Engineering and 
Computer Science 

The Catholic University of America 

Washington D.C. 20064 

Phone (202) 319-5879 


Windows Kernel Source and Curriculum Materials for 
Academic Teaching and Research. 

The Windows® Academic Program from Microsoft provides the materials you 
need to integrate Windows kernel technology into the teaching and research 
of operating systems. 

The program includes: 

• Windows Research Kernel (WRK): Sources to build and experiment with a 
fully-functional version of the Windows kernel for x86 and x64 platforms, as 
well as the original design documents for Windows NT. 

• Curriculum Resource Kit (CRK): PowerPoint slides presenting the details 
of the design and implementation of the Windows kernel, following the 
ACM/IEEE-CS OS Body of Knowledge, and including labs, exercises, quiz 
questions, and links to the relevant sources. 

• ProjectOZ: An OS project environment based on the SPACE kernel-less OS 
project at UC Santa Barbara, allowing students to develop OS kernel projects 
in user-mode. 

These materials are available at no cost, but only for non-commercial use by universities. 

For more information, visit www.microsoft.com/WindowsAcademic 
or e-mail compsci@microsoft.com. 
Fax: (202) 319-5195 
CUA-EECSposition@cua.edu 


Review of applications will begin on March 
15, 2008, and continue until the position is 
filled. For more information about our department, 
please visit our web site at 
http://EECS.cua.edu. The Catholic 
University of America was founded in the 
name of the Catholic Church as a national uni- 
versity and center of research and scholarship. 
Regardless of their religious affiliation, all fac- 
ulties are expected to respect and support the 
University's mission. The Catholic University 
of America is an Equal Opportunity/ affirma- 
tive action Employer. 


The University of Toledo 
Lecturer 
Computer Science & Engineering 
(CSE) Lorain County Community College 
(LCCC) University of Toledo 
The Electrical Engineering and Computer 
Science (EECS) Department at The University 
of Toledo invites applications for candidates for 
a full-time instructional position in our CSE 
program located at LCCC in Elyria, OH 
(approximately 30 miles Southwest of 
Cleveland, OH) beginning immediately. The 
position will be a continuing non-tenure track 
appointment, contingent upon satisfactory performance 
and instructional need. Candidates 
must possess an earned doctorate in computer 
science or computer engineering, a strong commitment 
to teaching, and an interest in pursuing 
applied multidisciplinary research. 
Applicants for the position should submit curriculum 
vitae, reprints of selected publications, 
a narrative describing their research and teaching 
interests and professional goals along with 
the names and contact information of at least 
three references. The position will remain open 
until the appointment is made. Application 
materials should be submitted to Dr. Krishna 
Shenai, Professor and Chair, EECS Department 
- NI2008, MS 308, University of Toledo, 2801 
W. Bancroft St., Toledo, Ohio 43606-3390. 
Inquiries may be addressed to krishna.shenai@utoledo.edu 
(Ph: 419-530-8196). The 
University of Toledo is an Affirmative Action 
Employer. Women and minorities are strongly 
encouraged to apply. 


University of Maryland 
University College 
Associate Provost, SSL (002383) 
UMUC is seeking an Associate Provost to over- 
see the operations of the Securities Studies 
Laboratory. Requires a PhD, DSc, DM, or other 
terminal degree with administrative experience 
in information technology and information 
assurance or homeland security. Please visit 
http://www.umuc.edu/employ.shtml for a complete 
description and to apply. 


Advertising in Career Opportunities 

How to Submit a Classified Line Ad: Send an e-mail to Jonathan.Just@acm.org. 
Please include text, and indicate the issue/or issues where the ad will appear, and a 
contact name and number. 

Estimates: An insertion order will then be e-mailed back to you. The ad will be typeset 
according to CACM guidelines. NO PROOFS can be sent. Classified line ads are NOT 
commissionable. 

Rates: $295.00 for six lines of text, 40 characters per line. $80.00 for each additional 
three lines. The MINIMUM is six lines. 

Deadlines: Five weeks prior to the publication date of the issue (which is the first of every 
month). Latest deadlines: http://www.acm.org/publications 

Career Opportunities Online: Classified and recruitment display ads receive a free 
duplicate listing on our website at: 
http://campus.acm.org/careercenter 

Ads are listed for a period of six weeks. 

For More Information Contact: 
JONATHAN JUST 
Director of Media Sales 
at 212-626-0654 or Jonathan.Just@acm.org 
University of Michigan — Flint 
Assistant Professor of 
Computer Science 
Duties to begin fall 2008 
Visit www.umflint.edu/csesp for 
more information 


University of Nebraska at 
Omaha 
Associate/Full Professor of Information 
Assurance (IA) 

The University of Nebraska at Omaha's 
(UNO) College of Information Science & 
Technology invites applications from faculty 
candidates for a tenure track position in 
Information Assurance at the Associate/Full 
Professor level starting fall 2008. Candidates 
should have a well-established, active and vig- 
orous research program in IA or affiliated dis- 
ciplines and a demonstrated ability to gener- 
ate external research and development grants. 
Candidates must have a doctorate in CS 
(Computer Science) or IS (Information 
Systems) or a related field and have a demon- 
strated commitment to undergraduate and 
graduate education in IA. Teaching experience 
and publication record must be commensurate 
with the rank sought. Contributions to service 
in the form of interactions with university, 
business, government agencies and profession- 
al organizations are expected and important 
requirements for this position. The successful 
candidate should have the ability to obtain US 
government clearance. To apply and for more 
information please visit our web site at 
http://careers.unomaha.edu. All applicants are 
required to submit a cover letter, curriculum 
vita and a list of references via the web site. 

Review of applications will begin immedi- 
ately and will continue until the position is 
filled. 

UNO has a strong commitment to achiev- 
ing diversity. We encourage applications from 
under-represented groups, women and persons 
of color. 


Virginia Tech-Advanced 
Research Institute 
Associate Professor 

The ECE Department at Virginia Tech 
invites applications for a tenured faculty 
position in information security, critical 
infrastructure interdependencies, and use of 
Information Technology in designing 
resilient infrastructures. The position will be 
at The Advanced Research Institute in 
Arlington Virginia. Preference will be given 
to candidates who currently have tenure 
and/or a proven record of obtaining funding 
in the area. Please visit http://www.jobs.vt.edu/ 
(Posting # 071312) for further information 
and the application process. 
The Size of the IT Job Market 


Comparing the U.S. IT job markets of the 1990s and 2000s. 


“Jobs are disappearing” and 
“steady erosion of IT jobs to 
global outsourcing” are recent 
themes in the media, presenting a 
grim outlook for IT jobs in the 
U.S. This underscores the impor- 
tance of systematic study of the IT 
job market in an environment of 
global outsourcing [3]. Many 
observers feel the effect of out- 
sourcing has been to reduce the 
number of IT jobs in the U.S. 
One approach to assess the relative 
effects of factors, such as outsourc- 
ing, is to study the relative size of 
the job market for IT personnel 
before the advent of global out- 
sourcing and then compare it with 
the current conditions of plentiful 
global outsourcing. 

Starting in the early 1990s, 
researchers have systematically 
sampled job advertisements. 
Objectives of this research stream 
were to determine what skills were 
most in demand for IT profes- 
sionals, and any data presented on 


the size of the job markets was 
merely a by-product. Similarly, 
newspaper advertising was assessed 
in a longitudinal format during 
much of the 1990s. With the 
growing popularity of Internet job 
sites, sampling of job advertise- 
ments switched to the Internet in 
order to offer a longitudinal base 
for appraising the relative size and 
direction of the current job mar- 
ket. Current objectives are to 
appraise the strength and direction 
of today’s IT job market as com- 
pared to that of the last decade 
and to the tumultuous early part 
of this decade. Continuity is 
achieved through consistency of 
the geographic locations sampled. 
The cities or metro areas included 
in the current study are those 
sampled in the 1990s. Early find- 
ings from this study were pre- 
sented at the ACM SIGMIS/CPR 
conference with 2005 data [2]. 
This column updates the data and 
poses the questions: How does the 
IT job market of this decade compare 
to that of the previous 
decade, and Are there trends in 
the job market of the previous 
decade that may hold lessons for 
the near future? 


DATA COLLECTION 

Data collection in the 1990s was 
based on newspaper job ads. The 
major newspaper in each of the 
selected cities was analyzed once a 
year. This was a laborious, manual 
classification task that was aided 
by the development of a job skill 
classification taxonomy. This tax- 
onomy was revised several times as 
popular job skills changed. 
Another major change was a 
switch to Internet-based job sites. 
After some time was spent study- 
ing the relative accuracy and effec- 
tiveness of competing job sites, 
the Monster.com site was selected 
as the research site, as it is one of 
the most popular job sites for IT 
jobs and lends itself well to systematic 
analysis of position advertisement 
trends. 

The nationwide sam- 
pling of geographic loca- 
tions for selection of job 
ads is an important aspect 
of the scope and continu- 
ity of this research. From 
the beginning, it was 
obvious to researchers that a sys- 
tematic selection of cities to cover 
the geography of the U.S. would 
add substantially to the ability to 
extrapolate research results to the 
entire U.S. IT job market. Accord- 
ingly, this research has been based 
on a geographic cross section of the 
U.S. IT job market. This concept 
continued as the research migrated 
to the Monster.com site 
and extended in 2001 
from the original 10 
cities to the 35 metro- 
politan areas offered by 
Monster.com. For example, 
the job-location 
retrieval criterion of 
“Chicago” was extended 
to: “Chicago, North” or 
“Chicago, Northwest” 
or “Chicago, South” or 
“Indiana, Gary/Merrillville.” The 
logic of this extension was that 
commutes from surrounding areas 
into a metropolitan site were 
becoming common. 

Monster.com allows the separa- 
tion of IT jobs from other jobs by 
general job descriptors, which are 
used by advertisers for each of 
their jobs. The job descriptor set 
selected was: Computer, hardware; 
Computer, software; Information 
Technology; Internet/E-commerce; 
and Telecommunications. 
Other job descriptors, such as 
Marketing, Accounting, and the 
like were not selected. Again, the 
IT job descriptors were also 
restricted to the 35 geographic 
locations for sampling continuity. 

Figure 1. IT jobs in selected cities, 1992-1998. 

Figure 2. IT jobs in 35 selected metropolitan areas, 2002-2006. 


HISTORICAL AND CURRENT JOB DATA 
Figure 1 shows a summary of the 
(historical) data for the number of 
positions collected in the 1990s. 
Figure 1 summarizes the total 
number of open IT/IS positions in 
the selected cities as advertised in 
the newspapers of those cities on a 
given Sunday in that year (data 
collection methodology 
given in [4]). After 1994 
there was a tremendous 
boom in the economy 
and a matching increase 
thereafter in the demand 
for and supply of IT grad- 
uates. At the end of that 
decade and into the start 
of the next, there was the 
dot-com downturn followed by 
the terrorist attacks of Sept. 11, 
2001. Data collection resumed in 
early 2002 with a change to Inter- 
net data collection and use of the 
Monster.com job Web site for the 
same cities studied in the 1990s 
(details of the revised data collec- 
tion methodology are given in 
[4]). Figure 2 summarizes total 
jobs by year and quarter in 
this decade. 

The data in Figure 2, 
(collected for each quarter 
of those years), in contrast 
to the job market for the 
same cities in the 1990s 
shows a much restricted 
size for the total IT jobs 
advertised for the early part 
of this period and a much 
improved size more 
recently. Assuming the data is 
comparable, an interesting ques- 
tion is: How bad has the job mar- 
ket been? From the data in early 
2002, immediately after the dot- 
com decline and the terrorist 
attacks of Sept. 11, 2001, it 
appears the number of jobs was 
reduced to about one-third of its 
peak for the same cities in the 
1990s. Similar results for the 
depth of the market have been 
shown [1]. 




What is the current condition 
of the job market? It seems that as 
of late, the job market has roughly 
tripled and may quadruple from 
its low point in early 2002. Com- 
bined with anecdotal evidence, 
this supports the position that the 
IT job market has recovered. 


CONCLUSION 

The IT job market is on an 
upward trend and seems to be 
improving in quite a dramatic 
fashion. It may be that for a global 
economy where outsourcing is 
common, critical and complex 
development work continues to be 
conducted on site rather than out- 
sourced. The recent declines and 
low enrollments in CS and MIS 
programs mean the number of 
graduates will be low enough so 
that, as the market improves, job 
demand might be even greater 
than in the boom times of the 
1990s. The past shortages of IT 
personnel may well return before 
the end of the decade. 
April 13-16 
INTERNATIONAL SYMPOSIUM ON 
PHYSICAL DESIGN Portland, OR, Contact: 
David Pan, Phone: 512-471-1436, Email: 
dpan@ece.utexas.edu 


April 13-16 
SPRING SIMULATION MULTICONFERENCE 
Ottawa, ON, Contact: Hassan Rajaei, Phone: 
419-372-2002, Email: rajaei@cs.bgsu.edu 


April 14-15 
EUROGRAPHICS 2008 SYMPOSIUM ON 
PARALLEL GRAPHICS AND VISUALIZATION 
Crete, Greece, Contact: Daniel 
Weiskopf, Phone: 49-711-7816-368, Email: 
weiskopf@vis.uni-stuttgart.de 


April 14-16 
FLOPS08: 9TH INTERNATIONAL 
SYMPOSIUM ON FUNCTIONAL AND 
LOGIC PROGRAMMING Ise, Japan, Contact: 
Manuel V Hermenegildo, Phone: 34 91 336 
7435, Email: herme@fi.upm.es 


April 18-19 
CONSORTIUM FOR COMPUTING 
SCIENCES IN COLLEGES (CCSC) SOUTH 
CENTRAL Corpus Christi, TX, Contact: James 
R Aman, Phone: 773-298-3454, Email: 
aman@sxu.edu 


April 21-25 
WWW08: THE 17TH INTERNATIONAL 
WORLD WIDE WEB CONFERENCE Beijing, 
China, Contact: Yih-Farn Robin Chen, Phone: 
973-360-8653, Email: chen@research.att.com 


May 1-3 
MICA08: MILESTONES IN COMPUTER 
ALGEBRA 2008, Contact: Stephen M. Watt, 
Phone: 519-661-4244, 
Email: Stephen.watt@uwo.ca 


May 4-6 
GREAT LAKES SYMPOSIUM ON VLSI 2008 
Orlando, FL, Sponsored: SIGDA, Contact: Vijay 
Narayanan, Email: vijay@cse.psu.edu 


May 5-7 
CF ’08: COMPUTING FRONTIERS 
CONFERENCE Ischia, Italy, Contact: Alex 
Ramirez, Email: alex.ramirez@bsc.es 


May 5-8 
FMX08: 13TH INTERNATIONAL CON- 
FERENCE ON ANIMATION, EFFECTS, 
REALTIME AND CONTENT Stuttgart, 
Germany, Contact: Thomas Haegele, Phone: 
490-7 14-1969-800, Email: Thomas.haegele@filmakademie.de 


May 10-18 
INTERNATIONAL CONFERENCE ON 
SOFTWARE ENGINEERING Leipzig, 
Germany, Contact: Wilhelm Schäfer, Email: 
wilhlem@upb.de 


May 12-16 
7TH INTERNATIONAL CONFERENCE ON 
AUTONOMOUS AGENTS AND MULTI 
AGENT SYSTEMS Estoril, Portugal, Contact: 
David C. Parkes, Phone: 617-384-8130, 
Email: parkes@eecs.harvard.edu 


May 17-20 
SYMPOSIUM ON THEORY OF COM- 
PUTING CONFERENCE 2008 Victoria, 
Canada, Contact: Venkatesh Srinivasan, Phone: 
250-472-5731, Email: venkat@cs.uvic.ca 


May 27-29 
THE INTERNATIONAL CONFERENCE ON 
ADVANCED VISUAL INTERFACES Naples, 
Italy, Contact: Stefano Levialdi, Phone: 39-6- 
88-41962, Email: levialdi@di.uniroma1.it 


May 28-30 
THE 18TH INTERNATIONAL WORKSHOP 
ON NETWORK AND OPERATING SYSTEMS 
SUPPORT FOR DIGITAL AUDIO AND VIDEO 
Braunschweig, Germany, Contact: Lars C Wolf, 
Phone: 49-531-3913288, Email: 
wolf@ibr.cs.tu-bs.de 


June 7-13 
ACM SIGPLAN CONFERENCE ON 
PROGRAMMING LANGUAGE DESIGN 
AND IMPLEMENTATION Tucson, AZ, 
Contact: Rajiv Gupta, Phone: 951-827-2558, 
Email: gupta@cs.ucr.edu 


June 9-12 
INTERNATIONAL CONFERENCE ON 
MANAGEMENT OF DATA Vancouver, 
Canada, Sponsored: SIGMOD, Contact: Laks 
V.S. Lakshmanan, Phone: 604-822-3153, 
Email: laks@cs.ubc.ca 


June 11-13 
IDC08: 7TH INTERNATIONAL 
CONFERENCE ON INTERACTIVE DESIGN 
AND CHILDREN Chicago, IL, Contact: 
Justine Cassell, Phone: 847-491-3534, Email: 
justine@media.mit.edu 


June 15-20 
JCDL ’08: JOINT CONFERENCE ON 
DIGITAL LIBRARIES Pittsburgh, PA, 
Contact: Ronald Larsen, Phone: 412-624- 
5139, Email: rlarsen@pitt.edu 


June 18-20 
IEA/AIE-2008: 21ST INTERNATIONAL 
CONFERENCE ON INDUSTRIAL, 
ENGINEERING, & OTHER APPLICATIONS OF 
APPLIED INTELLIGENT SYSTEMS Wroclaw, 
Poland, Contact: Moonis Ali, Email: 
ma04@rxstate.edu 


June 19-21 
19TH ACM CONFERENCE ON HYPER- 
TEXT AND HYPERMEDIA Pittsburgh, PA, 
Sponsored: SIGWEB, Contact: Dr. Peter 
Brusilovsky, Phone: 412-6249404, Email: 
peterb@pitt.edu 


June 21-25 
THE 35TH ANNUAL INTERNATIONAL 
SYMPOSIUM ON COMPUTER ARCH- 
ITECTURE Beijing, China, Contact: Kai Li, 
Phone: 609-258-4639, Email: 
li@cs.princeton.edu 


June 23-26 
WOSP ’08: WORKSHOP ON SOFTWARE 
AND PERFORMANCE Princeton, NJ, Phone: 
908-615-4524, Email: 
beto5599@yahoo.com 


June 23-27 
HPDC ’08: INTERNATIONAL SYM- 
POSIUM ON HIGH PERFORMANCE 
DISTRIBUTED COMPUTING Boston, MA, 
Contact: Manish Parashar, Phone: 732-445- 
5388, Email: parashar@caip.rutgers.edu 


June 30-July 2 
ITICSE 08: 13TH ANNUAL 
CONFERENCE ON INNOVATION AND 
TECHNOLOGY IN COMPUTER SCIENCE 
EDUCATION Madrid, Spain, Contact: June 
Amillo, Phone: 349-133-67427, Email: 
amillo@fi.upm.es 


July 2-4 
DISTRIBUTED EVENT-BASED SYSTEMS 
CONFERENCE Rome, Italy, Contact: Baldoni 
Roberto, Email: baldoni@dis.uniroma1.it 


July 3-4 
EUROPEAN CONFERENCE ON INTER- 
ACTIVE TELEVISION 2008 Salzburg, Austria, 
Contact: Manfred Tscheligi, Email: 
Manfred.tscheligi@sbg.ac.at 


July 7-11 
EUROPEAN CONFERENCE ON OBJECT 
ORIENTED PROGRAMMING Paphos, Cyprus, 
Contact: Jan Vitek, Email: jv@cs.purdue.edu 


July 12-16 
GECCO ’08: GENETIC AND EVOLU- 
TIONARY COMPUTATION CONFERENCE 
Atlanta, GA, Contact: Hod Lipson, Email: 
hod.lipson@cornell.edu 


July 20-23 
INTERNATIONAL SYMPOSIUM ON 
SYMBOLIC AND ALGEBRAIC COMPU- 
TATION Linz/Hagenberg, Australia, Contact: 
Juan R. Sendra, Phone: 341-885-4902, 
Email: rafael.sendra@uah.es 


July 20-24 
INTERNATIONAL SYMPOSIUM ON 
SOFTWARE TESTING AND ANALYSIS 
Seattle, WA, Contact: Barbara G. Ryder, 
Phone: 732-445-6430 x3699, Email: 
ryder@cs.rutgers.edu 


July 21-25 
MOBIQUITOUS08: 5TH ANNUAL 
INTERNATIONAL CONFERENCE ON 
MOBILE AND UBIQUITOUS SYSTEMS: 
COMPUTING, NETWORKING AND 
SERVICES Dublin, Ireland, Contact: Liviu 
Iftode, Phone: 732-445-2001, Email: 
iftode@cs.rutgers.edu 


July 22-30 
OREGON PROGRAMMING LANGUAGES 
SUMMER SCHOOL Eugene, OR, Contact: 
Yannis Smaragdakis, Phone: 541-346-3491, 
Email: yannis@cs.uoregan.edu 


September 1-3 
8TH INTERNATIONAL CONFERENCE ON 
INTELLIGENT VIRTUAL AGENTS Tokyo, 
Japan, Contact: Helmut Prendinger, Email: 
helmut@nii.ac.jp 


September 2-5 
10TH INTERNATIONAL CONFERENCE 
ON HUMAN COMPUTER INTERACTION 
WITH MOBILE DEVICES AND SERVICES, 
Henri Hofte, Phone: 31-575-516319, Email: 
henri.terhoft@telin.nl 


September 8-11 
PRINCIPLES AND PRACTICE OF 
PROGRAMMING IN JAVA 2008 Modena, 
Italy, Contact: Giacomo Cabri, Phone: 39-059- 
2056190, Email: giacomo.cabri@unimore.it 


September 8-12 
12TH INTERNATIONAL SOFTWARE 
PRODUCT LINE CONFERENCE 2008 
Limerick, Ireland, Contact: Lero Klaus Pohl, 
Email: klaus.polhl@sse.uni-due.de 


September 16-19 
ECCE08: EUROPEAN CONFERENCE ON 
COGNITIVE ERGONOMICS Madeira, 
Portugal, Contact: Joaquim A. Jorge, Phone: 
351-21-3100363, Email: jaj@inesc.pt 


September 20-23 
THE 10TH INTERNATIONAL CONFER- 
ENCE ON UBIQUITOUS COMPUTING 
Seoul, South Korea, Contact: Joseph 
McCarthy, Phone: 650-804-6987, Email: 
joe@interrelativity.com 


September 22-23 
MULTIMEDIA AND SECURITY WORK- 
SHOP Oxford, United Kingdom, Sponsored: 
SIGMM, Contact: Andrew David Ker, Phone: 
+44 1865 276602, Email: 
adk@comblab.ox.ac.uk 


PAUL WATSON 


Inside Risks 


Lauren Weinstein 


A Current Affair 


It's not a revelation that as a society we're often 
amiss when it comes to properly prioritizing 
technological issues. So it should be no surprise 
that one of the most significant upcoming 
changes in our physical infrastructure is getting lit- 
tle play not only in the mass media, but in technol- 
ogy-centric circles as well. 

There are increasing concerns that many persons 
in the U.S. are still unaware that virtually all over- 
the-air analog television signals are slated to cease in 
February 2009 as part of the conversion to digital 
TV (although betting against a Congressionally 
mandated extension at this time might be problem- 
atic). Yet it seems that almost nobody is talking 
about a vastly more far-reaching transition that is 
looming in our future just 12 years from now. 

Hopefully, you realize that I’m talking about the 
Congressionally ordered Development Initiative for 
Return to Edison Current Technology (DIRECT) 
and its core requirement for all public and private 
power grids in this country to be converted from 
AC to DC systems by 2020, with all new consumer 
and business devices using electricity to be capable 
of operating directly from these new DC power 
grids without transitional power conversion adapters 
by no later than 2030. 

OK, 2020 may still seem a long way off—2030 
even more so. But for changes on such a scale, this is 
really very little time, and we'd better get cracking 
now or else we're likely to be seriously unprepared 
when the deadlines hit. It’s really too late at this 
stage to reargue whether or not switching from AC 
to DC makes sense technologically. Personally, I find 
the arguments for the conversion to be generally 
unconvincing and politically motivated. 

As you may recall from those purposely late-night 
hearings on C-SPAN, significant aspects of the con- 
version have been predicated on anti-immigrant 
rhetoric. Many of those emotionally loaded discus- 
sions focused on the supposed “national shame” of 
our not using the “rock-solid stable” direct current 
power system championed by American hero Thomas 
Edison, and instead standardizing many years ago on 
an “inherently unstable” alternating current system, 
developed by an eccentric Croatian immigrant who 
enthusiastically proposed ideas characterized as grossly 
un-American—such as free broadcast power. 

Similarly, it’s easy to view the associated legislative 
language as largely a giveaway to the cryogenics indus- 
try, which of course stands to profit from the vast num- 
bers of superconducting systems that will be necessary 
to create large, practical DC grids. Conversion propo- 
nents pointed at existing long-distance DC transmis- 
sion facilities, such as the Pacific DC Intertie, and the 
success of the conventional telephone system largely 
operating on DC current. But the Intertie is a highly 
specialized case, and even the phone system has relied 
on AC current for telephone ringing purposes. 

But this is all water over the spillway. There is a 
lot of money to be made from this power transi- 
tion. Stopping it now looks impossible. And admit- 
tedly, it’s difficult to argue very convincingly against 
the ability to do away with device power supplies 
that are needed now to convert wall current AC 
into DC, or against the simplicity of DC current 
when powering future generations of LED bulbs 
that will presumably replace both incandescents and 
mercury-laden fluorescents. 

It’s also true that much additional employment will 
be created, at least in the short term. Workers will be 
needed to install the new DC generating plants, dis- 
tribution components, and power meters. Also, the 
many AC transformers hanging on poles and buried 
in vaults all over the U.S. will need to be bypassed. 

Still, from a public-policy standpoint, I'd be lying if 
I didn’t state outright that, in my opinion, this entire 
affair is a risky fiasco, from political, economic, and 
even safety standpoints. For example, because Con- 
gress required that the same style wall sockets and 
plugs be retained for new DC devices as have long 
been used by existing AC products, we're sure to see 
RISKS horror stories galore about damaged equip- 
ment, and injured—even killed—consumers, when 
they run afoul of nasty power confusion accidents. 

Freewheeling AC/DC may be great for a rock band, 
but it’s no way to manage technology. While we can’t 
unplug this coming mess, we should at least internalize 
it as an object lesson in how special interests and jingo- 
istic propaganda can distort technology in ways that are 
counterproductive, dangerous, and even...shocking. 